Hi Ian,

> However, I really don't want to add another ethernet card. So my thoughts
> now are that I should be able to use iptables, but view it as a routing
> problem. Before I go too far down this path, suggestions or pointers would
> be appreciated.

Is there a particular reason you are against adding another card? Seems to me that would make the problem relatively simple.

Even though you didn't ask for it, another thought in passing: provided you get this going by whatever means, and depending on how many internal machines you have, you could do MAC address matching in iptables to make sure only your nominated machines can get to your proper internal addresses. In other words, treat your internal network as hostile, not just your external network. I'm of the opinion it's good practice to do that anyway, with the growing incidence of staff doing crazy things like installing unprotected WiFi access points on internal networks. Don't just SNAT all internal machines out to the net, block everything in both directions at your firewall and only allow data in *or* *out* that you specify.

Cheers
Jonathan
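A constructed illustration of the default-deny plus MAC-matching approach Jonathan describes (an added example, not code from the thread): it emits an iptables-restore ruleset in which every chain defaults to DROP, only nominated IP/MAC pairs may forward out, and only those hosts are SNATed. The interface names, public address, MACs and permitted ports are assumed placeholder values.

```shell
#!/bin/sh
# Added example (not from the thread): generate an iptables-restore ruleset
# that treats the LAN as hostile. Interfaces, addresses and MACs are assumed.
WAN_IF=eth0
LAN_IF=eth1
WAN_IP=203.0.113.10          # assumed public address (documentation range)
ALLOWED_PORTS=80,443         # the only outbound services we choose to permit
# Nominated internal hosts as "IP MAC" pairs (constructed values).
NOMINATED="192.168.1.10 00:11:22:33:44:55
192.168.1.11 00:11:22:33:44:66"

# Emit the whole ruleset on stdout. Every chain defaults to DROP; only the
# nominated IP+MAC pairs may forward out, and only to ALLOWED_PORTS.
build_ruleset() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Reply traffic for connections we already allowed, in every direction.
    for chain in INPUT OUTPUT FORWARD; do
        echo "-A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done
    echo "$NOMINATED" | while read -r ip mac; do
        # A host borrowing a nominated IP from a rogue AP still fails the MAC match.
        echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $ip -m mac --mac-source $mac" \
             "-p tcp -m multiport --dports $ALLOWED_PORTS -j ACCEPT"
    done
    echo 'COMMIT'
    echo '*nat'
    echo ':POSTROUTING ACCEPT [0:0]'
    # SNAT only the nominated hosts, not the whole LAN.
    echo "$NOMINATED" | while read -r ip mac; do
        echo "-A POSTROUTING -o $WAN_IF -s $ip -j SNAT --to-source $WAN_IP"
    done
    echo 'COMMIT'
}

# Count the FORWARD ACCEPT rules that carry a MAC match (sanity check).
count_mac_rules() {
    build_ruleset | grep -c -- '-A FORWARD .*--mac-source'
}

# Print the ruleset; load it with: sh this_script.sh | iptables-restore
build_ruleset
```

Because `--mac-source` is only available in the PREROUTING, INPUT and FORWARD chains, the MAC check lives on FORWARD rather than in the nat table.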