18 Jul
2001
18 Jul
'01
06:54
One thing I forgot: It actually doesn't work if the internal interface has a real address on the same subnet as the external firewall interface and the internal hosts!! So much for the subject heading :[ The internal interface of the firewall should have a private ip such as 10.0.0.1 ! the internal machines need a network route to the subnet in question AND a hostroute to this private ip interface. from route.conf --snip-- my.subnet.add.ress 0.0.0.0 my.net.mas.k eth0 10.0.0.1 0.0.0.0 255.255.255.255 eth0 default 10.0.0.1 --snip-- Everything else from the previously stated firewall config applies, and works quite nicely. -g