On Sat, Jul 16, 2011 at 2:01 PM, Drew <drew.kay at gmail.com> wrote: >>> That being said, one should *never* create firewall with only one NIC! >>> It is highly unsafe. >> >> So I shouldn't run a firewall on any of my hundreds of single nic >> instances? > > I think he's referring to the standard router/firewall scenario where > the server is an internet gateway for a network. There I'd consider a > single interface system as inherently insecure. > > > -- > Drew > > "Nothing in life is to be feared. It is only to be understood." > --Marie Curie > _______________________________________________ well there's no real reason why a single NIC firewall should be insecure. We're all referring a normal PC (or even server) with CentOS installed on it, not a commercial firewall. If you setup different IP subnets on the same NIC and routing between them, the same way as between 2 NIC's then you'll still have the same level of firewalling. And I'm sure you could setup VLAN's on the switch for the different IP subnets to make it more secure as well. The one place where this is commonly used is with a PPPoE ADSL switch where the ADSL "firewall" establishes the PPPoE connection and then shares the internet to the LAN as well using the same ADSL modem's wifi connection. -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532