passive mode wouldn't do any good either because the remote can't see the ftp server's ip address at all when it's connected to the fw. it gets its dns resolutions from the network so dns servers are not the prob. if i ping yahoo.com it will echo yahoo's ip address but get no reply. just enabled vnc through the fw and was able to connect to the computer across the internet but they still can't see outside the tunnel.

i have a device sending syslog messages here but none are getting through. didn't notice that before. i disabled it, rebooted and still have the same condition. i enabled syslogging on the fw and get its messages just fine!?!

i got a nix box here but for me it would be less trouble to drive over there and probably quicker than to stop everything to figure out how to get squid working for one computer, especially since it might not work... but thanks for that anyway. thank you all for trying to help!