Hi list, I have multiple dedicated servers at a provider that does not offer a firewall. Nor is it possible to get a second network interface for one of the servers and configure it as a firewall. I was therefore thinking of reconfiguring one of the servers as a firewall with a physical interface to the outside world and a virtual interface to the inside. The internal interface of the firewall and all servers would be assigned a private IP address. The firewall would perform DNAT for the servers. What are your security concerns about this setup? Note: I really need a firewall for the servers because they are running Win2K & Win2K3. The setup is like this: # # # eth0 (public IP) #################### # # # FIREWALL # # (performs DNAT) # #################### # eth0:0 (private IP) # ## ## (private IP)# # (private IP) ########## ########## # # # # # SRV1 # # SRV2 # # # # # ########## ########## thanx, Lukas