Hello there

> Router (192.168.1.120) <-> (192.168.1.121) Firewall PC (192.168.1.122) <-> (192.168.1.0/24) LAN
>
> Now, thing is, the Linux firewall has two NICs:
>
> NIC 1: 192.168.1.121
> NIC 2: 192.168.1.122
>
> The two NICs on the Linux box are configured with 192.168.1.121 and
> 192.168.1.122, both interfaces on the same subnet. 192.168.1.121 accesses
> the company router (192.168.1.120) and 192.168.1.122 accesses the company
> LAN (192.168.1.0/24).
Your Linux box is very likely running as a real bridge (eth0 and eth1 set up as a bridge) or a fake bridge (running proxy-arp). You could confirm that--I'm guessing every machine in your LAN has a default gw of .120, your router? And your router believes that it is directly connected to your LAN? If not, then everyone else is right--your network is screwed and you're lucky it's lasted this long.

> I know we could use a network bridge, but we need the caching
> nameserver functionality.

Setting up a machine to bridge does not exclude it from running as a nameserver, if you must still do this [0]. Off the top of my head, create a bridge with your $inif and $outif on your replacement machine. Inif doesn't need to have an IP on it. Bind your nameserver to outif. Setup your filter rules as you need them.

-Matt

ps. Just because something is a bridge doesn't mean that it can't have IP addresses.

[0] List, feel free to destroy me if my setup wouldn't work. 8^)
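The bridge-plus-nameserver host Matt sketches, written out as an added example (not from either poster): $inif and $outif are made bridge ports, the address the nameserver listens on is placed on the bridge device itself (assumed here to be br0, with constructed values eth0, eth1 and 192.168.1.122/24), and a minimal nftables policy drops everything reaching the host except DNS while leaving bridged traffic to site-specific rules. DRY_RUN prints the plan instead of applying it.

```shell
#!/bin/sh
# Bridge firewall + caching nameserver host (added example, not the
# thread's own setup). Assumes iproute2 and nftables; constructed values:
# br0, eth0 (router side), eth1 (LAN side), 192.168.1.122/24.
set -eu

# Run a command, or only print it when DRY_RUN is set, so the plan can be
# reviewed before it touches a production firewall.
run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# setup_bridge BRIDGE INIF OUTIF ADDR/PREFIX
setup_bridge() {
    br=$1; inif=$2; outif=$3; addr=$4
    run ip link add "$br" type bridge
    run ip link set "$inif" master "$br"   # router side: needs no IP
    run ip link set "$outif" master "$br"  # LAN side
    run ip addr flush dev "$inif"          # ports carry no addresses;
    run ip addr flush dev "$outif"         # the bridge device does
    run ip addr add "$addr" dev "$br"      # nameserver binds here
    run ip link set "$inif" up
    run ip link set "$outif" up
    run ip link set "$br" up
}

# setup_filter BRIDGE: host input policy drop, DNS allowed via the bridge;
# bridged (forwarded) frames get a bridge-family chain for site rules.
setup_filter() {
    br=$1
    run nft add table inet fw
    run nft add chain inet fw input '{ type filter hook input priority 0; policy drop; }'
    run nft add rule inet fw input iif lo accept
    run nft add rule inet fw input ct state established,related accept
    run nft add rule inet fw input iifname "$br" udp dport 53 accept
    run nft add rule inet fw input iifname "$br" tcp dport 53 accept
    run nft add table bridge fw
    run nft add chain bridge fw forward '{ type filter hook forward priority 0; policy accept; }'
    # Add per-site forward rules above as needed (policy stays accept).
}

if [ "${1:-}" = "--apply" ]; then
    setup_bridge br0 eth0 eth1 192.168.1.122/24
    setup_filter br0
fi
```

Run with `DRY_RUN=1 ./bridge.sh --apply` first to review the generated commands, then as root without DRY_RUN to apply them.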