Our organization is about to make a connection to the internet. I had originally expected to have the router (with the incoming T1) to also act as the firewall for our network. I would much rather have a second system handling security. Here is what I have in mind: ---T1--------X (Cisco 25xx router) | |--------------------------| | | (firewall) (public server) | | ...corporate network(s)... I am more than just a little ignorant of how firewalls work, but from my understanding, packets from the internal network are sent to the firewall first, and once they are outside the network, they look as if they originated on the firewall. Inbound packets from the external network, are addressed to the firewall. Our mail and other services would reside on a publicly accessable server. Please tell me what misunderstandings I have about how firewalling works if I have this all wrong. I am familiar with SCO, Solaris and Linux. I run Linux 1.1.95 and 1.2.1 which have IP firewalling support within the kernel. What software can I use to utilize that support? I have read the firewalling FAQ and it was very vague. If I am wasting bandwidth with this message, can someone point me to more enlightening documents?