I'm aware that using non-routables would be easier and more secure but that would mean a complete overhaul of our setup and messing about with proxies.
The problem is that this means the two NICs on the firewall are on the same subnet. There appears to be some problem with routing in this setup. I've not tried to do anything fancy, just set up eth0 and eth1 as normal.
I am getting absolutely nowhere with this. I've searched high and low for info on the routing on same subnet thing and it all boils down to arp and route kludges. With these I can get internal hosts to see the external NIC on the firewall but that's it and as soon as I turn on the firewall it all stops dead.

Isn't there *any* HOWTO on doing this? Invisible firewalling like this seems, on the face of it, a neat and simple drop in to an existing network, but the routing is a nightmare. I don't have direct access to the router or control over it.

Anyone out there done this for real and got it to work?!

JB (getting highly frustrated)

--
John Bland M.Phys (Hons) AMInstP / \ PhD Student & Sys Admin
Email: j.bland at cmp.liv.ac.uk / \ Condensed Matter Group
http://ringtail.cmp.liv.ac.uk/ / \ Liverpool University
"Hey, I wonder how much meat you get on a womble?" -- Eddie