From: jochen mader [mailto:jochen@teg-me.de]
I hope I got that right: You got the same subnet on both sides of the firewall? If that is true then the only way to get this to work is to use the arp-cache of the kernel (not easy). I'd suggest the following solution: Your router has two interfaces, one pointing to the internet and one to the inside. Assign a private subnet to the internal interface. Assign the same subnet to the external interface (the one that is talking to the router). Now add the static routes to the router and the firewall to tell 'em that all traffic has to go through this private subnet and you are done.
That system would (AFAIK) work. I've seen it in use once. Your routes would look like this:

1.2.3.0/24 -- your official subnet

DSL-Router:
    eth0: external device official ip address
    eth1: internal device private address 192.168.0.1
    1.2.3.0 netmask 255.255.255.0 gw 192.168.0.2 dev eth1
    default dev eth0

firewall:
    eth0: external -- connected by crossover cable to dsl-router 192.168.0.2
    eth1: internal -- connected to your subnet official ip address != dsl-router-address
    1.2.3.0 netmask 255.255.255.0 dev eth1
    default gw 192.168.0.1 dev eth0

All other hosts have to be routed through the firewall (its official address).

Should work?!

Greets,
Andreas