Subject: NetBSD-based repeater
To: None <tech-net@netbsd.org>
From: Chris Jones <cjones@rupert.honors.montana.edu>
List: tech-net
Date: 02/09/1999 09:28:05

Much to my dismay, my bosses have decided that we need a firewall.
What really dismays me, however, is the fact that the network people
appear unwilling or unable to provide us with a subnet for the
machines that need to go behind the firewall.

My original plan was to start by turning a BSD box into a router, and
then install ipf, and gradually crank down the security until we get
something reasonable.  However, I don't know how to make this thing be
a router if there aren't discrete subnets to route between.  Is it
even possible to turn a BSD box into something like an ethernet
repeater?

I was thinking that, if all else fails, I can run proxy ARP on it,
with a static, manually-maintained table of ethernet addresses.  Then
I could add a route for each of these hosts, pointing out the correct
interface.

However, I haven't been able to get that to work; "netstat -nr" shows
the host routes going out the correct interface, but the packets don't
appear to go there.  I may have messed something up, though; I should
probably hack on it some more.

If anybody has some advice for me, I'd really appreciate it.  Please
CC: me, since I don't normally read this list.

Chris

-- 
-----------------------------------------------------cjones@math.montana.edu
Chris Jones                                          cjones@honors.montana.edu
           Mad scientist at large                    cjones@nervana.montana.edu
"Is this going to be a stand-up programming session, sir, or another bug hunt?"