If you really want to run web, dns and mail, you should have a third box do that. That box should be on a separate ethernet segment from the internal net, so you need a third card in the firewall. You could probably run VMware on dwarf and put the firewall in one virtual machine and the servers in the other. That would save a machine. (I may try that myself no that I've thought of it. I have the machines, but I'm having heat disapation problems in the server room.)

You can't be too paranoid in this case. I the past 10 days there have been root exploits circulated for both apache and openssh. You don't want those services running on a machine that is not sacrificial. A hole in bind shows up about once every 2 years. sendmail has been good for a while, but you never know.

NFS will not be accessible from the Internet; only from the LAN. I just have to figure out how to translate my ipchains rules into PF rules. (Which will be one of the last things I do, along with setting up pppoe.)

dwarf already has two NICs because it's my current firewall (and everything else) box. pegasus also has two NICs, because it's replacing dwarf in that service.

I don't have the space at home to have 3 servers (firewall, NFS, internet services). The cost of 3 servers that I can't afford is the infrastructure, not the money. (Except insofar as money would be required to buy a new house.)

dwarf is not going to run VMWare. I couldn't even get the RAM over 64MB because adding a second SIMM would require either dismantling the case or some sort of special "working at 90 degree angles and still having enough power to move stubborn stuff" tools that I've never seen. Besides, I'd never trust servers in VMWare. I'm not sure what I'll do with dwarf when this is over; it may go into service as a generic Linux web browser box, replacing the P-75 that my parents gave me a couple years ago.

I'm well aware of the OpenSSH and Apache exploit announcements.

I run qmail, not sendmail.

So far, I've got OpenBSD installed, cvs updated the source, rebuilt it all (took about 2 hours including the kernel), and installed most of the basic packages that I'll need (like ntp). Installed qmail from source and copied configs over from dwarf. Copied my Ogg and MP3 files from dwarf's 40 GB disk (which takes about 24 hours).

Still to go: copy user home directories and accounts/passwords and make pegasus the NFS server for /home, install squid proxy, configure virtual domains on apache and copy web sites over (at least static stuff), configure DNS, configure firewall and pppoe and NAT, reassign the IPs, turn over firewall/NAT service to pegasus, and turn over DHCP service for the Windows client. Plus anything else I forgot.