James B. Byrne wrote:

> You can accomplish this much easier by simply using
> a firewall. I like OpenBSD firewalls in layer 2
> bridging mode. Put the firewall in-line between the
> router and the rest of the network, no other network
> changes needed.

The difficulty with this is that it requires yet another host, a reconfiguration of the existing wiring plan, and dealing with a number of other issues which directly arise from the first two requirements. We already use IPtables, and we already have some of our older hosts secured behind sshd linux boxes so that network traffic to them is only carried en clair across direct x-wired patch cables.

> If you're not well versed in routing I wouldn't recommend
> going around making a bunch of changes to a system that
> I assume has been more or less working for more than
> a decade.

Which is why I asked the question if by making a single change to the network parameter of the Cisco Router could I avoid:

1. Physically segmenting my LAN
2. Having to commission an additional host or reconfigure an existing host to multi-homed.

Routing is something I do not go at very often and I do not trust my memory for such things in consequence. The manuals and books that I have give sketchy coverage of this aspect and use examples much more narrow in scope than I contemplate.

It would be a gross over-statement to say that I am unfamiliar with the concepts of routing. But I am asking for specific guidance on specific software (CISCO ISO 12.x) and hardware (CISCO 26xx series) from someone with experience in these matters. I recognize that this is not the precise forum to ask, thus the OT. On the other hand, I trust that my situation cannot be very dissimilar to those faced previously by many system administrators who also happen to run CentOS.

Regards,

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne          mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited    http://www.harte-lyne.ca
9 Brockley Drive        vox: +1 905 561 1241
Hamilton, Ontario       fax: +1 905 561 0757
Canada L8E 3C3