ie.- leave the bulk of the machines on 172.19.50.x use 192.168.0.x for the others use two NICs in the Linux machine, 1 for each subnet Install masquerading
Will this allow the machines on 192.168.0.x to access *all* the services on the main network?
Yes, if you get the config all right, but you don't necessarily need two NICs, you can run multiple subnets on one cable with one NIC by aliasing multiple numbers onto the same card, we have three different numbering systems on a single NIC! You also don't need masquerading if you have local proxying, but this would limit what the local-number machines can do to what is proxied by the proxy. In our case the limitations are welcome - the internal machines can't be seen directly by external ones, and that protects them from nasties and prevents them doing lots of non-academic things like ICQ, Napster, making money by browsing, bypassing the external filtered proxy, etc. -- Christopher Dawkins, Felsted School, Dunmow, Essex CM6 3JG 01371-820527 or 07798 636725 cchd@felsted.essex.sch.uk