Hello, at the moment I have the following Setup: Internet | | Cisco Router | | Firewall(SuSE 6.2) -- Webserver(SuSE 6.3) -- Proxy (SuSE 6.3) Mailserver | | --- internal network The firewall serves as a packet filter. The Web-/Mailserver and the Proxy are each connected via an public ip. The clients from the internal network are all masqueraded with the proxy ip, even if one of the clients do not use the proxy. Is it possible to have all public ip´s connected to the firewall´s ethernet device from which they are routed to the webserver and proxy(and the clients on the internal network as well). My approach is to have only the firewall directly connected to the internet and to give even the web-/mailserver and the proxy only internal ip adresses. I think this would be more secure?! Sorry for my bad english and my (not) understanding of firewalls and security! Thanks in advance Dustin