> Questions: > 1. Can I put the VPN router behind the linux firewall and > just route VPN traffic from outside the network to the VPN > router? Yes. Give the VPN router a private IP on one interface and put it on the internal network. Shutdown the other interface, you don't need it anymore. Map an external ip on the firewall to the vpn router's ip on the inside. I assume the vpn router is pptp, so you need to put in rules to allow GRE packets to the vpn router (I think it's protocol type 42), and allow port 1723/tcp. It should work. Make sure you remove the the pptp.o module in the firewall if you have it, this is for outgoing connections only and may mess with your setup. If everything works, you can put it back in. If you're using IPSec, you'll need to open some other ports. Let me know if this is the case. >2. Does the VPN router need IPs on both interfaces? > If so, do you set up private IPs for both interfaces and > bridge between them? No, like I said above, just don't use the other interface, shut it down. Jay