Hi Tom and all you Shorewall users out there!

I'm sorry if this question is not related to Shorewall per se, but the issue came up when I was studying the setup guide for handling more than one address, so I'm gonna get the question out there and see if y'all can help me out.

I've been asked by a client who has the luxury of a whole class C network to set up Shorewall with four interfaces (net, loc, dmz, dev) and I was intrigued by the setup where the external interface is on the same net as the dmz. Could I possibly split the C network in two and do as follows:

* ISP's router is at 195.149.134.1
* I set up the fw's external interface at 195.149.134.2/24
* The dmz interface at 195.149.134.3/25 (and use 195.149.134.4-126 for hosts in the dmz)
* The dev interface at 195.149.134.129/25 (and use 195.149.134.130-254 for hosts in this zone)

Would this work routing-wise?

I was first going to set up all hosts in the different zones with private addresses and use static NAT, but the customer wants the servers to keep the public addresses they are assigned right now, and these are so spread out across the C segment that I found it hard to subnet in a way to get this to work. So if I can have the fw's external interface in the same net as the dmz, all would be well.

Any input appreciated. I hope I'm making some sort of sense, and that I'm not using the wrong forum for these kinds of questions.

TIA,
Orjan