> What I am try to figure out is what exactly is > the safest configuration.
> What seems to be the last remaining question is > whether I want to route all internet traffic > through my single server or whether I should not. If you have a hardware firewall, routing all traffic through a dedicated software firewall isn't going to help you much and may introduce problems because you will need to remember to make configuration changes twice. It also adds another component that can be a single point of failure. If you have a hardware firewall in the budget, here's what I'd likely do... INET --> Router --> Firewall --> Switch/HUB --> Servers The "Firewall" here can be either a dedicated hardware firewall (Sonicwall, PIX, etc.), or a dedicated server with a software firewall on it. I've used OpenBSD with a software firewall (pf or ipf I forget which) and interface bridging before and it works well if you have a relatively small group of servers to protect and have the time to dedicate to learning the software. If you have the money I'd go with a hardware appliance though for a variety of reasons. ----------------------------------- Justin D. Scott Vice President Sceiron Interactive, Inc. www.sceiron.com [EMAIL PROTECTED] 941.378.5341 - office 941.320.2402 - mobile 877.678.6011 - facsimile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:193994 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54