No offense but what kind of moron develops on a production box??? ..... Windows one.... The Wolf p.s. Definatelly you should have DMZ for this one. Mike have outlined it perfectly. Joel Dudley wrote: > I am seting up a firewall for work using the standard > squid/ipchains/marquerade setup. Our e-commerce servers are going to be on > the public side of the firewall, they all run IIS on NT because our product > is written in visual fox pro. Now the programmers on the private side of > the firewall are going to want to be able to map drives on the public > servers to change data. I told them that this is a no-no and that they > should just use the development server I set up to make changes. Turns out > they wont listen to me and the boss agrees with them. I beleive that all NT > domain control will go out the window when I implement the firewall (if i > set it up right), so all of the servers will reside in their own isolated > "commerce" domain. is there any way I can allow this wondoze freaks to map > drives accross tis network without comprimising too much security? maybe I > sould just allow ftp access accross from the internal network. Thanks for > any ideas on this situation. > > - Joel > > _______________________________________________ > Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- "The questions is not if we are paranoid, the question is if we are paranoid enough."