Thanks Richard & Charles for comments and links. I should provide a bit of insight here. Dealing with technical and political issues. (really too bad!) Office secretary doesn't get along with IT dept of company b, and there seems to have been a real lack of cooperation although according to management this guy (on their board of directors) is supposed to have access to their intranet. I think that there may be a reluctance to reconfigure their firewall (as link suggests) as the IT guy there seems so uncooperative. I did do some research and figured that this is going to require some testing and troubleshooting, and I don't know whether they are using encapsulated FWZ or not. Also, I am not an employee of company a, but just do work for them so I can't be on site for any extended time. So I will try to prepare a diskette as per instructions in links below to see if it will work, but I also want to have a plan b. ie jump around the firewall for that one route if that might work as well. Still open to suggestions. Thanks, Boyd PS. I'll also be working on both pptp and ipsec for my own dachstein. -----Original Message----- From: Richard Doyle [mailto:[EMAIL PROTECTED]] Sent: Thu 07/03/2002 7:08 PM To: Boyd Kelly; [EMAIL PROTECTED] Cc: Subject: RE: [Leaf-user] Dachstein migration successful! - General routing question. FWIW, a quick check on google for "securemote linux nat" turned up http://www.phoneboy.com/faq/0372.html and http://www.phoneboy.com/faq/0141.html. -Richard > Got my ip aliasing/forwarding and all working on dachstein. > Very happy > about that. Great piece of work! > > Now for an interesting problem: > > One guy behind my leaf firewall needs a securemote (Checkpoint) > connection to company b. He has a Win2k workstation. As I understand > from searching the newsgroups, this isn't possible with > Linux, although > I would love to be corrected on that one. > > So I am looking for some opinions on a solution. Could I just do some > routing magic on the win2k workstation to bypass the leaf router only > for that securemote ip address? For something like that to work would > the workstation need a second nic? Or can I just plug all the > Internet/Leaf wires into the same switch, and then give computer 3 a > default gateway of 208.x.x.1 for the address in question? > > Any security issues? > > > > [Internet] > | > eth0 208.x.x.13 > | > LEAF Box (DF 208.x.x.1) | > | > eth1 192.168.1.254 > | > ----------------------- > | | > Computer 2 Computer 3 (needs to use > securemote client) > (192.168.1.2) (192.168.1.3) > > > Thanks very much, > > Boyd > > _______________________________________________ > Leaf-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > Þiû¬z¹šŠX§‚X¬´·š~ë®X¬¶Ë(º·~Šàzw†Ûi³ÿåŠËl²‹«qç讧zßåŠËlþX¬¶)ߣù^iû¬z