firewall dilemma

Joel Dudley joel@silverw.com
Tue, 23 May 2000 15:26:16 -0700


Ok,
    I am sure that everyone is sick of my firewall questions, but hear me
one last time.  I have winblows workstations on the public LAN having
private non-routable IP addresses (192.168.0.0).  They sit behind a Linux
IPCHAINS IPMASQADM firewall that has one private NIC and one public NIC.  On
the other side of the firewall lies the DMZ where web, mail, DNS, etc.
servers lie.  And of course they have public routable class C IPs.  Now,
the cranky and not so security minded users who have more pull than the
poor network admin


Anyway, I have two options (I think).  Put a public NIC in each of the DMZ
machines.  My only fear is that someone gets in and hacks the routing tables
and voilà!  Welcome to my network.   I can also allow nbsession (137/9)
through the firewall, allowing only the local workstations to map drives in
the DMZ.  I would lose NT domain architecture but who cares.   I am just
stumped on how to achieve the latter solution.  Anyone have experience in
this?  A sample script perhaps?  Thanks in advance and I hope this is my
last firewall post.

A forever indebted newbie

- Joel