Thanks for your info RonM and gordonr !
Yes, my idea were to make a complete new firewall/routing implementation. The reson is not that I do not like the sme soulution, but rather that I have no idea how to make an implementation that will fit directly into the sme server "environment".
My problem is that the only small little thing I know a lilltle bit about is the firewall/routing part of it. Because of that my intention were to use a "sme server only installation" and then to modify that up to be a 3 or 4 network adapter installation.
I think that the firewall/routing part of sme 4.1 will be quite different from a simular impementation for sme 6.0/7.0 (2.2.x kernel versus 2.4.x kernel.)
On the other hand the more difficult part of it "how to implement a new firewall arrangement into the sme environment" might be rather simular. The info about the 4.1 is rather interesting.
Anyway, I think that to develop such a "multicard arrangment" will be a two phase project anyhow. First I think you will have to develop a firewall/routing solution, and when this is up and running and is working as expected, then it will come a project phase number two, how to impement this into the sme-server environment, server-manager, etc. To do the both things at the same time, I think will be very difficult.
That's the reason such a project should have more than one person, at least one that know about the iptables/firewall/routing things and at least one that knows about the sme impementation prosess. Somebody who actually need such a "multi security zone implementation" and who could make some testing if the actual requirements are met or not would also be a great resource.
Actually, I don't know for sure if the project can be done and work as expected, but I would believe so. As an example - for a while a go I put rather much work in a project to make a bootable sme USB memory stick installation, but this project newer worked. (An who would need a server that boots from a USB stick .. what a strange project... ) On the other side all other more or less "funny" sme modifications have worked, so I know that things can also work.
Don't know if I will try to do such a multizone project if there is no one exept than myself that want such a project to come true.
I think that there should noot need to be a question alternative 1 or alternative 2, the sme interphase or not, but rather a phase 1 and a phase 2, first the development of the firewall part of it and then the impementation of the firewall part of it into the sme server environment.
The reson why it can be done this way, is that the firewall/routing part of it (phase 1) will affect the configuration of the kernel only (I believe), and it will (should) not affect any of the server installation on a "sme server only", that basically and intentionally dos not have a firewall. (Have not tested 7.0, but I guess this is also the case for this distribution.)
I guess it should be possible to develop a fully working multi securityzone sme server installation (using a iptables configuration script only) and then to integrate this further into the sme server environment (and administration systems) as a next step 2.
By the way which other server do have such a functionality like all the sme server functions combined with a "multi security zone arrangement" ..
Well .. possible a Windows 2003 with a MS ISA server installation and the right configuration...
Just some ideas.
Best reg Arne.