Help using NAT to create an invisible/transparent filtering firewall

Ed Wilson ed@awt.com.au
Wed, 07 Jun 2000 00:06:50 +1000


Hi,

After reading a few of the posts in this newsgroup it seems that a few 
people are possibly trying to achieve something along the lines of what I 
am after. Let me try and explain what I am attempting to do:

Say I have three internet servers which are sitting in a subnetwork of 31 
(/27) real IP addresses. Obviously these machines each have their gateway 
addresses pointing at the router for this subnet. I want to put a Linux NAT 
box between the router and the internet servers and set it up so that the 
servers think that they are still seeing the router directly. However, their 
packets are actually being forwarded and filtered through the Linux box.

To do this the Linux box will have two network cards, one connected to the 
outside world (router) and the other to each of the servers via a hub 
(standard firewall config). I intend on aliasing the outside world network 
card with the IP addresses of the server machines on the inside segment, 
then giving the network card on the inside segment the IP address of the 
router. Would a promiscuous netcard and standard kernel forwarding cause 
the real router to conflict with the IP address of this interface?

I want to set it up this way so I can insert and remove the firewall 
machine without having to change the gateway addresses on the servers. Also 
I don't want to have to point-to-point route each of the servers, or subnet 
the designated IP range (/27) to an even smaller range such as 3 hosts 
(/30) so that standard routing can occur.

Any help / ideas on how to do this would be appreciated.

Cheers,

Ed.

ed@awt.com.au
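One way to get the invisible filtering box described in the post above, as an added example that is not part of the original message: rather than aliasing the server addresses onto the outside card, join the two cards into a Linux bridge (which carries no IP address of its own, so the servers keep the real router as their gateway and the firewall never appears as a hop) and filter the bridged frames with iptables via the physdev match. The interface names, the server addresses (TEST-NET-3, constructed), the single open service port and the use of iproute2/br_netfilter are assumptions.

```shell
#!/bin/sh
# Transparent bridging firewall between a router and a set of servers.
# Assumed layout: eth0 faces the router, eth1 faces the server hub; neither
# interface nor the bridge gets an IP address, so the box is invisible on
# the path (manage it over a separate third NIC, not shown).
OUTSIDE=${OUTSIDE:-eth0}
INSIDE=${INSIDE:-eth1}
SERVERS="203.0.113.10 203.0.113.11 203.0.113.12"   # constructed sample addresses
SERVICE_PORT=80                                    # assumed public service

# Execute a command, or just print it when DRY_RUN=1 so the plan can be reviewed.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }
plan() { ( DRY_RUN=1; "$@" ); }   # run a function in dry-run mode, in a subshell

bridge_setup() {
  run ip link add name br0 type bridge
  run ip link set "$OUTSIDE" master br0
  run ip link set "$INSIDE" master br0
  run ip link set "$OUTSIDE" up
  run ip link set "$INSIDE" up
  run ip link set br0 up
  # Without br_netfilter, bridged frames bypass the IP firewall entirely.
  run modprobe br_netfilter
  run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

filter_rules() {
  # Default deny on the bridged path; allow replies to existing flows.
  run iptables -P FORWARD DROP
  run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  for s in $SERVERS; do
    # New inbound connections from the router side only to the published port.
    run iptables -A FORWARD -m physdev --physdev-in "$OUTSIDE" --physdev-out "$INSIDE" \
        -d "$s" -p tcp --dport "$SERVICE_PORT" -m conntrack --ctstate NEW -j ACCEPT
    # Servers may initiate outbound traffic (updates, DNS, mail).
    run iptables -A FORWARD -m physdev --physdev-in "$INSIDE" -s "$s" -j ACCEPT
  done
  # Log what falls through to the DROP policy so blocked traffic is visible.
  run iptables -A FORWARD -j LOG --log-prefix "bridge-fw-drop:"
}

case "${1:-}" in
  apply) bridge_setup; filter_rules ;;     # needs root
  plan)  plan bridge_setup; plan filter_rules ;;
esac
```

Run `sh transparent-fw.sh plan` to print the commands, then `apply` as root once the interface names match your box.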