> I'm going to set this box up as a caching DNS server for the machines inside
> of it. After that do I work NAT (ipmasq?) or FW (ipchains?) ?

You may not need either, if it is just an internal, caching DNS. The DNS application config will take care of forwarding DNS queries appropriately.

Does it need to be accessible by hosts on the Internet? Is it even forwarding traffic at all? If it is forwarding traffic, does it need to do any NAT?

If you do need a firewall, I would use iptables...although this presumes you are on at least kernel 2.4. If you are on 2.2, you are stuck with ipchains. Iptables is worth the upgrade ;-)

If you don't have experience with iptables, see http://iptables-tutorial.frozentux.net/. I also have some stuff up on iptables and fwbuilder at my site, http://www.turinglabs.com.

Doug

