Now I have SuSE 7.3 with the latest patches (the kernel is the default that comes with the installation)
Isn't that one susceptible to the SYN-Cookie vulnerability? If so, you might want to deactivate them.
and I intend to use SuSEFirewall 2 on a dual Pentium 450MHz with 128MB RAM
Does anyone know if the Linux kernel or, more specifically, netfilter actually benefits from a multi-processor box? I wouldn't expect it to, but I haven't looked at the code (nor am I a coder of any worth).
Now the question is: how can I do it so that I have about 40 servers with private addresses on the inside,
with all sorts of services, starting from FTP, telnet, SSH, DNS, POP, SMTP, IMAP, stream, HTTP, SMS, terminal services, PPTP, etc. etc.
How can I configure about 128 IP addresses with NAT to private internal addresses, to all ports and with port restrictions,
and what is the most feasible setup?
Well, you're out for opinions, so here's mine. I try to avoid NAT where I can. IMHO, it makes things easy in the short term when prior planning of IP layout was short-sighted and has failed and IP system administration is bad as well and the cost of modifications is high. It doesn't solve the problems but only reduces the impact of the symptoms. However, NAT is complicated and confusing, and thereby tends to turn into an administrative nightmare of its own after a while. Add to that the problems that numerous protocols have with NAT and which force you to use helper applications (the kernel NAT modules) that I have rather bad feelings about in general concerning their security, and which quite often don't get the protocol working as (well as) it would without NAT. NAT is fine in small scenarios, where the cost of official IP addresses matters (this means all you home users), where you can't use proxies instead or where substantial cost can be avoided by introducing it (such as connecting a couple of networks of two administratively independent organisations, but that's quite a can of beans in and of itself, security-wise).

Tobias
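As an added illustration (not from this thread, and not SuSEFirewall2's own configuration) of the 1:1 NAT with per-host port restrictions asked about above, this script generates the plain netfilter/iptables rules for a small constructed public-to-private mapping: a DNAT/SNAT pair per host, a default-deny FORWARD chain, and inbound TCP ports opened only where the mapping lists them. The addresses and port lists are constructed placeholders, and the script only prints the rules instead of applying them, so it runs without root or a firewall box.

```shell
#!/bin/sh
# Constructed sample mapping (not real addresses), one host per line:
#   public_ip  private_ip  allowed_inbound_tcp_ports ("all" or a comma list)
NAT_MAP='203.0.113.10 10.0.0.10 22,25,80
203.0.113.11 10.0.0.11 53
203.0.113.12 10.0.0.12 all'

# Emit the rules for one public/private pair.
# PREROUTING DNAT rewrites inbound traffic to the internal host, POSTROUTING
# SNAT gives that host's outbound traffic its public address, and the FORWARD
# rules decide which NEW inbound connections may reach it at all. Note that the
# DNAT rule alone does not grant access; the FORWARD filter still has to allow it.
emit_host_rules() {
  pub=$1; priv=$2; ports=$3
  echo "iptables -t nat -A PREROUTING -d $pub -j DNAT --to-destination $priv"
  echo "iptables -t nat -A POSTROUTING -s $priv -j SNAT --to-source $pub"
  if [ "$ports" = all ]; then
    # Host is fully exposed: every new inbound connection is forwarded.
    echo "iptables -A FORWARD -d $priv -m state --state NEW -j ACCEPT"
  else
    # Restricted host: only the listed TCP ports accept new connections.
    for p in $(echo "$ports" | tr ',' ' '); do
      echo "iptables -A FORWARD -d $priv -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
  fi
}

# Emit the complete ruleset: deny forwarding by default, let replies to
# established connections through, then add the per-host rules from NAT_MAP.
emit_ruleset() {
  echo "iptables -P FORWARD DROP"
  echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
  echo "$NAT_MAP" | while read -r pub priv ports; do
    if [ -n "$pub" ]; then
      emit_host_rules "$pub" "$priv" "$ports"
    fi
  done
}

emit_ruleset
```

Pipe the output into a file and review it before running it on the firewall; with 128 mappings the generated list is long, which is exactly the administrative burden the reply above warns about.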