Hi, I use a similar setup at work to split a range of 64 ip adresses into multiple demilitarized zones. I did not choose to use subnetting, as i wanted to move hosts easily between DMZs without changing their IP-Address. The setting you want is possible if you use a technique called "proxy arp". I also suggest you use the shoreline firewall script to setup your firewalling and routing, instead of the SuSEfirewall script. It is easy to setup, even for complex settings (i dont want to start a flamewar, but shorewall is much more suited for complicated settings than SuSEfirewall IMHO). You can configure proxy arp very easily there. Get shorewalll and shorewall tutorial from http://www.shorewall.net/ In any case, i suggest you read the following about proxy arp: http://www.sjdjweis.com/linux/proxyarp/ http://lartc.org/howto/lartc.bridging.proxy-arp.html The second has an example, it should be easy to customize it to your needs. peace, Tom David Livingston wrote:
Internet | | eth0 (1.1.1.1) | FireWall---eth1 (1.1.1.2) | | Webserver (1.1.1.3)