* eim <email@example.com> [2001.10.22 12:44:03+0200]: > Is this a good choice ? or should I put another machine in my > Network, between the Gateway and the Servers, which acts as Firewall ? what's a firewall for you? a packet filter? you can surely install a packet filter on every box. iptables of kernel 2.4.x is even more than a packet filter (strictly speaking, even ipchains is), as it can go up to application level for specific protocols. so sure, iptables will be a firewall for you, which you can set up on every host... *but*: do you want to maintain three different ones? if i were you, i'd set up some old pentium or even 486 with a minimal install of debian (or openwall, or smoothwall, or openBSD), which does NAT for your IPs (not MASQ, since you *have* IPs), and which runs kernel 2.4.12 with a fancy iptables setup. -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck it's as bad as you think, and they are out to get you.
Description: PGP signature