Old 11-23-2005, 06:34 AM   #1
Samhein
LQ Newbie
 
Registered: Nov 2005
Posts: 13

Rep: Reputation: 0
Configuring SUSE 10 with 2 NICs as gateway/DHCP


Greetings,

We have an open network here at work (no need for login). Recent abuses led us to the decision of installing linux as a server/firewall. On a first stage, however, we're only setting it as a monitoring post between the router and the lan, in order to monitor all internet access without interfering. As such, the pc has 2 NICs, and the firewall mustn't block anything, except what deals directly with the pc. So I want the router to connect directly to one NIC, and the other NIC to connect directly to the rest of the LAN. This has to be done transparently, though.
The router is 10.0.0.1, its DHCP is set for 10.x.x.x as of now. The linux PC (DSF-LS) is 10.0.0.250, and I've set up DHCP for 2nd NIC 10.0.0.3-10.0.0.249.
Now, I don't know how to define things so DSF-LS won't start blocking things for the net. The point now is to allow everything, even dangerous content to the computers. Of course, I don't want DSF-LS hacked, or attacked.
It's been a long time since I last used linux, and I'm a bit behind the times. Is there a simple way to set it as a transparent gateway? All I want for now is to monitor every single packet through the net (I'm using Ethereal. If there's a better one, advice is always welcome!).
The first and 2nd NICs are configured in the same way (ip 10.0.0.250, default gateway 10.0.0.1, DNS are ISP's).

Any ideas would be helpful. Not sure if my post is clear enough. Any subsequent doubts, please post and I'll clear them as possible.
 
Old 11-23-2005, 01:51 PM   #2
mikedeatworld
Member
 
Registered: Nov 2003
Location: Farmington Michigan
Distribution: UBUNTU - Slackware - SuSE 9.1 - Knoppix - Fedora
Posts: 828

Rep: Reputation: 30
1. Is DHCP working?
2. What do you mean by "The point now is to allow everything, even dangerous content to the computers."?
3. The firewall will not filter "content" like say a web filtering software like websense
4. Configure IPTABLES to open/close any TCP/UDP ports needed.
5. If you need a GUI to open/close firewalls try www.webmin.com
6. Ethereal is good, but check out www.nagios.com


Last edited by mikedeatworld; 11-23-2005 at 01:53 PM.
 
Old 11-24-2005, 08:42 AM   #3
Samhein
LQ Newbie
 
Registered: Nov 2005
Posts: 13

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by mikedeatworld
1. Is DHCP working?
2. What do you mean by "The point now is to allow everything, even dangerous content to the computers."
3. The firewall will not filter "content" like say a web filtering software like websense
4. Configure IPTABLES to open/close any TCP/UDP ports needed.
5. If you need a GUI to open/close firewalls try www.webmin.com
6. Ethereal is good, but check out www.nagios.com

1. Not sure if it is, as I haven't placed it between the router and LAN yet. I am just configuring it. However, the pc stopped accessing the internet once I added the second NIC. How do I set up one NIC for communication with the router only, and the other for LAN only?
2. Right now, we want to monitor the net as if the linux pc wasn't there. So everything that was allowed before must still be allowed now, so we can see exactly what it is, and who is using it.
3. I am aware of that. I would start searching for a good program for that, once I got the pc monitoring the net. If you have some advice about that, I would also appreciate it.
4. As I said in 2, I want the firewall to block only connections that relate to the linux pc, and let everything else go by, even if it's malware. Once we set the pc to block, I can manage the firewall (hopefully!)
5. I don't think the problem is with the firewall itself. But btw, our main goal, besides some content blocking, is to block programs like Kazaa and Imesh, which change ports dynamically, and will even use port 80 if everything else is blocked. I know that an IPTABLES firewall can block that through the packet header. I was thinking of using SUSE Firewall, since it already comes with the OS, but do you have any other advice as well?
6. Thanks, I will check that once I get the pc working.

My main goal for now is for the linux pc to monitor the net as if it wasn't there. That is, the router and other pcs don't notice it is there. I want a transparent gateway, if possible.

Thanks for the reply.
 
Old 11-24-2005, 11:05 AM   #4
Samhein
LQ Newbie
 
Registered: Nov 2005
Posts: 13

Original Poster
Rep: Reputation: 0
Ok, I finally managed to get it working. This article helped me a lot: http://www.novell.com/coolsolutions/feature/16022.html

As for the web content and firewall advice, I would still like those.
Thanks for all the replies!

EDIT: I'm not sure if the firewall is now blocking dangerous packets from going through. But on second thought, we don't want to go on a crusade to catch abusers. We're happy if we just stop the abuse. So I'll start configuring the firewall soon.

Last edited by Samhein; 11-24-2005 at 11:33 AM.
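
An added example, not part of any post in this thread and not taken from the linked Novell article: one way to build the transparent monitoring box described above is a Linux bridge, where neither NIC has an address and the bridge itself holds 10.0.0.250. The names eth0, eth1 and br0, the /8 prefix and the admin address 10.0.0.10 are assumptions; the script only prints the commands.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for a transparent
# monitoring bridge. Assumed, not from the thread: NIC names eth0/eth1,
# bridge name br0, the /8 prefix, and the admin host allowed to use SSH.
BR=br0
ADDR=10.0.0.250/8     # the box's one address (10.0.0.250 is from the thread)
GW=10.0.0.1           # the router, from the thread
ADMIN=10.0.0.10       # constructed admin workstation address

bridge_plan() {
  wan=${1:-eth0}; lan=${2:-eth1}
  # Two ports are required. Two NICs with the same IP on one subnet leave
  # the kernel with competing routes, so the address moves to the bridge.
  [ "$wan" != "$lan" ] || { echo "need two distinct NICs" >&2; return 1; }
  cat <<EOF
ip link add name $BR type bridge
ip addr flush dev $wan
ip addr flush dev $lan
ip link set $wan master $BR
ip link set $lan master $BR
ip link set $wan up
ip link set $lan up
ip link set $BR up
ip addr add $ADDR dev $BR
ip route add default via $GW dev $BR
iptables -P FORWARD ACCEPT
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p tcp -s $ADMIN --dport 22 -j ACCEPT
EOF
}

# FORWARD stays open so LAN<->router traffic (including the router's DHCP)
# crosses untouched; INPUT only governs packets addressed to the box itself.
# Review the plan, then apply as root with:  sh bridge.sh | sh
bridge_plan "$@"
```

A capture on either member port (eth1 here) then sees every frame crossing the box.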
 
  

