Richard Luong
07-24-2004, 06:02 PM
Martin Cooper <usenet@martinc.me.uk> wrote in message news:<gemini.3ef4132f003af543%usenet@martinc.me.uk>...
> Hi Richard,
> The way I solve this problem is by using a bridging firewall, but to
> set this up, you need to patch the linux kernel. For details of how to
> do this, take a look at http://bridge.sourceforge.net, particularly have
> a look through the docs.
>
> Normally when you create a bridge, it works at layer 2, so netfilter
> never sees the traffic going through the bridge. However, after
> patching and rebuilding the kernel with the bridging patch, this part of
> the process is changed so that all traffic traverses the netfilter
> tables. So you end up with a machine where the two (or more) ethernet
> cards are joined to form a single bridge, then assign an IP to that
> bridge (optional). This immediately saves you one IP, and all machines
> can be on the same subnet but still firewalled.
>
> On my network, I use a bridge with 3 ethernet cards. eth0 connects
> directly to my router, eth1 connects to my DMZ and eth2 connects to a
> switch to serve the local network. An additional benefit of a bridge
> is that it does not appear in the traceroute output, so is invisible to
> any would-be attacker.
Martin,
It worked. Thanks for the bridge information.
Richard.
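Martin's three-port layout (eth0 to the router, eth1 to the DMZ, eth2 to the LAN switch), written out as an added example that is not code from the thread: a POSIX shell script that joins the cards into one bridge with iproute2 and then filters per bridge port with iptables' physdev match. The bridge name br0, the optional management address 192.168.1.2/24, the DMZ web host 192.168.1.10 and the interface names are assumptions for illustration. On current kernels the br_netfilter module and the net.bridge.bridge-nf-call-iptables sysctl do the job of the 2.4-era bridge-nf kernel patch the post refers to, so no kernel rebuild is needed.

```shell
#!/bin/sh
# Added example, not from the original post: a three-port bridging firewall.
# eth0 -> router, eth1 -> DMZ, eth2 -> LAN switch (names are assumptions).
# Run "sh bridgefw.sh apply" as root, or "DRY_RUN=1 sh bridgefw.sh apply"
# to print the commands without touching the system.
set -eu

BR=br0
WAN=eth0        # toward the router
DMZ=eth1        # DMZ segment
LAN=eth2        # internal switch
DMZ_WEB=192.168.1.10                     # assumed DMZ web server
MGMT_ADDR=${MGMT_ADDR:-192.168.1.2/24}   # optional management IP on the bridge
DRY_RUN=${DRY_RUN:-0}

# run: execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# build_bridge: join the three NICs into one layer-2 bridge and make
# netfilter see the bridged frames.
build_bridge() {
    run ip link add name "$BR" type bridge
    for p in "$WAN" "$DMZ" "$LAN"; do
        run ip link set "$p" master "$BR"
        run ip link set "$p" up
    done
    run ip link set "$BR" up
    # Management address is optional; leave MGMT_ADDR empty for a bridge
    # with no IP at all (it then has no address an attacker could target).
    if [ -n "$MGMT_ADDR" ]; then
        run ip addr add "$MGMT_ADDR" dev "$BR"
    fi
    # br_netfilter replaces the 2.4-era bridge-nf patch: with this sysctl
    # on, bridged IP traffic traverses the iptables FORWARD chain.
    run modprobe br_netfilter
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

# firewall_rules: policy expressed per bridge port with the physdev match.
# Everything not listed falls through to the DROP policy.
firewall_rules() {
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # LAN may open connections to the router and to the DMZ.
    run iptables -A FORWARD -m physdev --physdev-in "$LAN" --physdev-out "$WAN" -j ACCEPT
    run iptables -A FORWARD -m physdev --physdev-in "$LAN" --physdev-out "$DMZ" -j ACCEPT
    # The outside may reach only the DMZ web server on port 80.
    run iptables -A FORWARD -m physdev --physdev-in "$WAN" --physdev-out "$DMZ" \
        -p tcp -d "$DMZ_WEB" --dport 80 -j ACCEPT
    # A compromised DMZ host must never initiate into the LAN; explicit so
    # the intent is visible in the ruleset, although the policy already drops it.
    run iptables -A FORWARD -m physdev --physdev-in "$DMZ" --physdev-out "$LAN" -j DROP
}

case "${1:-}" in
    apply) build_bridge; firewall_rules ;;
esac
```

Because every port of the bridge is on the same subnet, the hosts in the DMZ and on the LAN need no extra gateway or subnet, and the bridge itself only answers on the optional management address; leaving MGMT_ADDR empty keeps the firewall without any IP of its own.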