Quoting fredex <fredex at fcshome.stoneham.ma.us>: > And you really shouldn't be running web- or file-servers on your firewall, > the more stuff running on it the more opportunities you present for an > evil person/entity to crack it. While this is generally good advice, for a small home network it is not always practical (which I guess Josh is running). I mean, how many machines you want running in your basement? I've got handfull of $20 machines in my basement currently. But that's just because I have a) a nice big basement and b) live in Manitoba, the place with cheapest electricity in North America. However, soon I'll (probably) have no basement at all, and will be in a place with probably the most expensive electricity in North America, and I'm seriously considering consolidating everything and bringing the count of "infrastructure" machines down to one. Virtualization might be a good tradeoff between security and comodity in this case. Two phisical networks (to inside and to outside) and one completely virtual network (for DMZ), with virtual machines performing the tasts of firewalls and servers. However it would require nice beefy box to run smoothly. And I'm not sure if I want to replace my $20 machines with $1000+ machine. I'd rather use that money to buy Civic Hybrid or Prius (Tesla car would be nice too, but it is a bit above my price range) and drive to work in carpool lanes ;-)