Hi, You can use a personal firewall like ZoneAlarm or something (Attention: = If the servers are comercial use, you have to by a license). If you want to communicate safe between the servers use a vpn-connection = (ipsec, l2tp or ppp). Kind regards Markus Weber -----Ursprüngliche Nachricht----- Von: Lukas Feiler [mailto:lukas.feiler@endlos.at] Gesendet: Donnerstag, 8. Juli 2004 17:55 An: suse-security@suse.com Betreff: [suse-security] Firewall with one physical and one virtual interface Hi list, I have multiple dedicated servers at a provider that does not offer a firewall. Nor is it possible to get a second network interface for one of the servers and configure it as a firewall. I was therefore thinking of reconfiguring one of the servers as a firewall with a physical interface to the outside world and a virtual interface to the inside. The internal interface of the firewall and all servers would be assigned a private IP address. The firewall would perform DNAT for the servers. What are your security concerns about this setup? Note: I really need a firewall for the servers because they are running Win2K & Win2K3. The setup is like this: # # # eth0 (public IP) #################### # # # FIREWALL # # (performs DNAT) # #################### # eth0:0 (private IP) # ## ## (private IP)# # (private IP) ########## ########## # # # # # SRV1 # # SRV2 # # # # # ########## ########## thanx, Lukas -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here