Dear All, Recently we have faced a need to put some of our older machines behind a firewall, so as to make them accessible from our real subnet only.
We have not implemented anything yet and are just generating different feasible solutions. As of our opinion, the best one is as follows: -Assign the dummy IP-s to older machines (192.168.x.y) with the �eth1� (IP=192.168.y.1) on the firewall to be their gateway; -Assign a real IP to the �eth0�, which is the gateway for the dummy subnet, i.e., \"eth1\"; -Assign the former real IP-s of the older machines to the �eth0� in a multiple manner; -Configure all the netfilter stuff to drop all the �wrong� packets and to redirect the correct ones from real IP-s to the dummy ones, correspondingly. We would much appreciate if somebody finds time to let us know a smarter solution. Thank you very much! Best wishes, Giorgi PS. We are well aware of the intrusion danger from our modern machines.
