On our present firewall, running on RH5.2, we put in two local interfaces so that big file transfers done in engineering didn''t load up accounting. Then we went to a dot.gone auction and picked up a 24 port switch for cheap, and just plugged it in. Now we''re preparing a new firewall using Shorewall, and I can''t find a reason to maintain two local interfaces on the firewall, since the switch isolates the accounting and engineering subnets internally. At the moment the two subnets are 192.168.2.0/24 and 192.168.8.0/24. By combining them on one interface I can save a NIC. What complications arise regarding broadcast addresses and what other problems am I going to encounter? By the way, we do have a webserver in a DMZ, and four NICs in the present firewall was a hassle with three PCI cards and one ISA card. -- Sincerely, David Smead http://www.amplepower.com.