Firewall with one physical and one virtual interface

Hi list,

I have multiple dedicated servers at a provider that does not offer a firewall. Nor is it possible to get a second network interface for one of the servers and configure it as a firewall. I was therefore thinking of reconfiguring one of the servers as a firewall with a physical interface to the outside world and a virtual interface to the inside. The internal interface of the firewall and all servers would be assigned a private IP address. The firewall would perform DNAT for the servers.

What are your security concerns about this setup?

Note: I really need a firewall for the servers because they are running Win2K & Win2K3.

The setup is like this:

                #
                #
                # eth0 (public IP)
     ####################
     #                  #
     #     FIREWALL     #
     #  (performs DNAT) #
     ####################
                # eth0:0 (private IP)
                #
              ##  ##
            ##      ##
  (private IP)#    # (private IP)
    ##########    ##########
    #        #    #        #
    #  SRV1  #    #  SRV2  #
    #        #    #        #
    ##########    ##########

thanks,
Lukas

Lukas Feiler wrote:
Hi list,
I have multiple dedicated servers at a provider that does not offer a firewall. Nor is it possible to get a second network interface for one of the servers and configure it as a firewall. I was therefore thinking of reconfiguring one of the servers as a firewall with a physical interface to the outside world and a virtual interface to the inside. The internal interface of the firewall and all servers would be assigned a private IP address. The firewall would perform DNAT for the servers.
That won't work, or at least doesn't provide security. First of all, think about another provider. Second: try OpenVPN and set up a VPN from every server to your Linux box and route all traffic through it. If you're able to configure your Windows so that it only accepts traffic from and to your other server, it should be the most security you can get in this setup.

Notice: on aliased interfaces you can't set rules or whatever with iptables. It always matches for the main interface and so all aliases, too. Aliased interfaces are just more IPs for the same interface, not a second interface like eth1 is.

Hope that helps.

Regards,
Sven

PS: for a new provider, you can ask me by private mail, if you need ;-)
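The layout Sven describes, written out as an iptables ruleset, as an added example that is not part of the thread and not code from either poster. It assumes the Linux box runs an OpenVPN server on eth0 (UDP 1194) whose tunnel device is tun0 with the subnet 10.8.0.0/24, that SRV1 and SRV2 have the tunnel addresses 10.8.0.10 and 10.8.0.11, and that the firewall's public address is 203.0.113.10; all of these values are constructed. The point it illustrates is the one in the reply: tun0 is a real interface and can be matched with `-i`/`-o`, whereas an alias like eth0:0 is only an extra address on eth0, so the script refuses alias-style names and filters private traffic by address and tunnel device instead.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Builds an iptables-restore
# ruleset for a Linux firewall whose servers connect over OpenVPN, so that
# the tunnel device (a real interface) is what the filter rules refer to.
#
# Assumed (constructed) values:
PUBLIC_IP=203.0.113.10     # firewall's public address on eth0
VPN_IF=tun0                # OpenVPN server device on the Linux box
VPN_NET=10.8.0.0/24        # tunnel subnet handed out by OpenVPN
SRV1_VPN=10.8.0.10         # SRV1's tunnel address (web server)
SRV2_VPN=10.8.0.11         # SRV2's tunnel address (mail server)

# iptables itself refuses alias names ("weird character in interface ...
# (No aliases, :, ! or *)"). Return 1 for such a name so the script fails
# early instead of trying to install a rule the kernel could never match.
valid_iface() {
    case "$1" in
        "") return 1 ;;
        *:*|*!*|*\**) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit the ruleset on stdout. Only eth0 and the tunnel device are named;
# the private addresses are matched with -s/-d, never via an alias.
build_rules() {
    valid_iface "$VPN_IF" || { echo "refusing alias-style interface: $VPN_IF" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# OpenVPN from the servers and SSH for administration arrive on the public interface
-A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only the published services are forwarded into the tunnel, one rule per server
-A FORWARD -i eth0 -o $VPN_IF -d $SRV1_VPN -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i eth0 -o $VPN_IF -d $SRV2_VPN -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
# Servers may talk to each other through the tunnel; nothing else is forwarded
-A FORWARD -i $VPN_IF -o $VPN_IF -s $VPN_NET -d $VPN_NET -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# DNAT: public address and port -> the server's tunnel address
-A PREROUTING -i eth0 -d $PUBLIC_IP -p tcp --dport 80 -j DNAT --to-destination $SRV1_VPN:80
-A PREROUTING -i eth0 -d $PUBLIC_IP -p tcp --dport 25 -j DNAT --to-destination $SRV2_VPN:25
# Forwarded packets leave the tunnel with the firewall's tunnel address, so each
# Windows box can be configured to accept traffic from the firewall only
-A POSTROUTING -o $VPN_IF -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset by default; load it only when asked and running as root.
case "${1:-}" in
    --apply) [ "$(id -u)" = 0 ] && build_rules | iptables-restore ;;
    --print) build_rules ;;
esac
```

Run with `sh firewall.sh --print` to inspect the generated rules and `--apply` as root to load them with iptables-restore. Setting `VPN_IF=eth0:0` makes `build_rules` refuse to emit anything, which is the same objection iptables itself would raise.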
participants (2)
- Lukas Feiler
- Sven 'Darkman' Michels