Hi Max, There is no "this is the best solution", it depends on what kind of services you're running in the DMZ. If it's just ftp, mail and web then it's ok to set up a single firewall. If you want to run Samba, NFS and other more complex services I would suggest your first solution with 2 firewalls because of configuration errors. It's not automatically safer because of the 2 firewalls, but it will prevent potential administrative errors (like setting the wrong rules to the wrong nic ...) Try to set up a sample configuration and scan all the firewall's ports (from all networks) and decide for yourself. cheers, Stefan -----Ursprüngliche Nachricht----- Von: Max Lindner [mailto:ml@lofl.de] Gesendet: Dienstag, 15. Jänner 2002 20:30 An: suse-security@suse.com Betreff: [suse-security] How many firewalls? Hi! I want to set a up a DMZ in my school. The only thing I want to know, is: - Internet -> HARDWARE-ROUTER -> FW -> DMZ -> FW -> Intranet or - Internet | | Hardware-Router | | | FW DMZ _______/\______Intranet (I hope, this ascii art is good enough... :-/) Our school has no good connection and low traffic but this is for a skilled work (the german term is 'Facharbeit') and so I want a really secure thing (no, I won't cut the cable ;-D). Any comments or proposals? Thanks, Max -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com