> Give the 2nd ether on the firewall, say, 10.0.0.128/29 (for instance).
> You assign your machines 10.0.0.129, 10.0.0.130, etc. Then you set up the
> port forwarding on the DSL router:
>
> your.machine:25 -> 10.0.0.129:25. The DSL router sees 10.0.0.0/24 as the
> entire subnet, and it forwards the packets to the ethernet port (doing the
> NAT from your external IP to 10.0.0.129). The firewall sees a packet
> coming in for 10.0.0.129:25, doesn't do any NAT but just filters, and
> sends it on its way.
>
> So your DSL router thinks it's on a /24 network, the firewall thinks that
> eth0 is a /30 (just it and the router), and its other ether port is on
> a different subnet (you have to make sure that what you assign your
> machines out of doesn't overlap with what the firewall sees, so it doesn't
> get conflicting netmasks).

Um, I really think you're making things more complicated than they need to be. (I'm allergic to weird netmasks -- I suppose if you're comfortable with that stuff, maybe you think differently).

Just use a reserved class C address internally -- 192.168.xxx.yyy and a netmask of 255.255.255.0 (Clue for the Clueless -- "xxx" must be *identical* on every internal box, "yyy" must be *unique*).

The end result is more or less the same, I just find it easier to deal with mentally when different networks actually *look* different.
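A check of the nested-netmask plan from the quoted message, as an added example that is not part of the original thread: it verifies that the firewall's two interfaces do not claim overlapping ranges and that each machine address is a usable host address. The eth0 range 10.0.0.0/30 and the name `check_plan` are assumptions; the thread gives only the /24 and the /29.

```python
import ipaddress as ip


def check_plan(router_lan, fw_outside, fw_inside, hosts):
    """Return a list of problems with the address plan; an empty list means OK."""
    router_lan = ip.ip_network(router_lan)
    fw_outside = ip.ip_network(fw_outside)
    fw_inside = ip.ip_network(fw_inside)
    problems = []

    # The firewall's two ports must not claim the same addresses, or it
    # ends up with conflicting netmasks for one destination.
    if fw_outside.overlaps(fw_inside):
        problems.append(f"{fw_outside} overlaps {fw_inside}")

    # The DSL router forwards to anything it believes is on its own LAN,
    # so both firewall-side ranges have to sit inside the router's netmask.
    for net in (fw_outside, fw_inside):
        if not net.subnet_of(router_lan):
            problems.append(f"{net} is outside router LAN {router_lan}")

    # Port-forward targets must be real host addresses in the inside range.
    for h in hosts:
        addr = ip.ip_address(h)
        if addr not in fw_inside:
            problems.append(f"{addr} is not in {fw_inside}")
        elif addr in (fw_inside.network_address, fw_inside.broadcast_address):
            problems.append(f"{addr} is the network/broadcast address of {fw_inside}")
    return problems


if __name__ == "__main__":
    # Plan from the thread; the eth0 /30 value is an assumed placeholder.
    for p in check_plan("10.0.0.0/24", "10.0.0.0/30", "10.0.0.128/29",
                        ["10.0.0.129", "10.0.0.130"]) or ["plan is consistent"]:
        print(p)
```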