Bridging again

[Gergo Szakal]

Bill Hacker wrote:
OK - do you mean to:

- route, NAT, DHCP share a connection for (all those folks)?

- firewall/filter for them?

- proxy some service(s)?

- electronically vampire-tap their traffic?

Or what?

FWIW, a 'bridging' arrangement is often one of the hardest-working ways 
to do several of these things for the value-add, so is 'bridging' really 
what you need?

i.e. - what is the intended service?
The intention is to transparently filter the traffic of a given 
department. I know it is appropriate, since our old bridge has been 
runnning for 17 months now. :-)
Sidenote: The IPs are public, no proxying, and there may be some traffic 
queuing (has already been tested with OpenBSD, and it worked).
(Let me tell the network topology: there are 4 departments sharing the 
same class C ( == /24) range of public IPs. The infrastructure in the HQ 
is quite old thus they are unable to mask the subnet into four /26 
ranges. I have built a bridge for each department. Now one of them got a 
new machine, and this is a great occasion for me to try DF in a 
production environment, and I am also sick & tired of OpenBSD.)