[ Apologies for the delay, Rob. ]
--- Rob Keeling <rob(a)rjkeeling.freeserve.co.uk> wrote:
> The structure goes something like this. External if is
> school network, on a 10.4. address.

10.4.X external, eh?

> On the external interface we will have a switch,
> laptops (which we can't change the settings on).
> I had thought of using NAT and a different ip range for the laptops
> assigned by dhcp.

Yup, that'd make life slightly easier in terms of packet filtering, I
suppose. Are you still wanting to go down the IPTables route, or are
you still open for ideas? The reason I ask, is that based on what
you've said here, it might be "better" to use a dedicated firewall
machine -- say, IPCop (some would say use "Smoothwall", but I have my
reasons as to why *I* personally don't recommend it.) You might find
it more beneficial that way. I also hear their web-interface is quite

If you still want to try IPTables, I can rustle some examples up for
you, if you like. I'm deliberately holding out, until I know the
direction you want to take, Rob.

> Our internal mail server (mail) could easily forward
> the mail traffic

Yes, it could. Just make sure that if that's NATting, and you have no
subdomains that explicitly require their own mail domain, that they
don't get lost. But I wouldn't imagine you do.

> on, and we already have a local squid cache that I
> could copy the
> of to create a transparent proxy, however the squid faq says you
> transparent proxy https.

Just so we're clear in the above, I assume you mean "https://" as a
protocol, and not "http's" (many http requests.)?

> Does that help describing the problem?

-- Thomas Adam