> doable, but not adised, a firewall should be single purpose, most servers > should be single purpose where possible. But then this is not often the case. > But a firewall certainly should be a single purpose system much like a router > is, they do similair work anyways. Having many servers has two disadvantages: Power consumption and administration expense (you gotta install and upgrade each of them). A "service split" [for load balance] is not bad, but you can also overdo it. > putting a web servers on the firewall makes the firewall and the whole internal > network subject to any issues that the web services now face, plus you now have > to allow naother set of ports/protocols directly to the system and not merely You don't run a webserver with root. Jan Engelhardt --
