Finally, I'd really like to lock this all down with a certificate system like I have my ssh server locked down. On ssh, I have root logins and password logins completely disabled. Only certificate logins are allowed, plus I have denyhosts running to ban any repeat brute-force offending hosts. Any wiki on how to accomplish this?
== Backing up iptables ==
I made a mess of setting up the bridging and had to reverse the changes. The most challenging part of this was restoring iptables to its previous condition. How much easier it would have been if I had backed it up first:
 # iptables-save > /root/ipt.save
 # cat /root/ipt.save | iptables-restore