What to do? (Static IP Cable Modem)
Mneumonik
10-18-07, 08:13 PM
OK... I am having trouble deciding what to do. I have a cable modem (35Mbs down, 5Mbs Up) with 5 static IPs. I have a web server, and a SQL server. They obviously both need each other to work with my website. I don't really have the cash for a hardware firewall.. so do I make the web server on a public IP, and put a 2nd network card in and add a route to the SQL server to retrieve data? Or do I make them both public?
YeOldeStonecat
10-19-07, 07:36 AM
Usually with business cable accounts with IP blocks...what you think is a modem, is actually a modem/router gateway appliance..with options for NAT, IP mapping, etc. Have you double checked this?
If no cash for a router..do you have any somewhat older PCs around that you could install a *nix router distro on? Best option here...you can create a 3rd orange zone for your public servers.
Mneumonik
10-19-07, 08:38 AM
Well, it is a modem/router combo... a Cisco 851 to be exact.. but of course, our douchebag cable company doesn't give admin access to the router. I do have some extra machines to do routing on... I'm not really too sure how to set up a Linux router... I'm more of a Windows server admin..
Right now I ended up putting my web server on public, and using Windows Firewall to only allow 80, and my Exchange machine on public and only allow 80 and 25...
YeOldeStonecat
10-19-07, 09:01 AM
Yikes...2x servers on public IPs...
Why port 80 on the Exch box? OWA I only do 443. 80 is mucho high risk.
Are these multi-homed servers? I'd have those WAN NICs stripped down of services and locked down hard.
Why not keep them all behind NAT? Only opening/forwarding 80 to web, 443 and 25 to Exch?
You don't need to know Linux at all for these distro routers, I'm Windows only. You download an ISO..burn to bootable CD. Boot from the CD..launches into an easy graphical setup wizard..holds your hand through the entire install. Once done...you manage the router through your web browser..just like any home grade router. Quite easy.
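Added example (not part of the original thread, and not any router distro's own configuration): the layout suggested above, written out as an iptables-restore ruleset for a three-NIC Linux gateway. Only 80 reaches the web server and only 25/443 reach Exchange, both in the orange (DMZ) zone, while the SQL server stays internal and is reachable only from the web server. Every interface name and address is a constructed placeholder, and 1433 assumes Microsoft SQL Server on its default port.

```shell
#!/bin/sh
# Constructed placeholders: adjust to the real interfaces and IP block.
WAN_IF=eth0            # faces the cable modem
DMZ_IF=eth1            # orange zone: web server + Exchange
LAN_IF=eth2            # internal zone: SQL server, admin PCs
WEB_PUB=203.0.113.10   # public IP used for the web server (RFC 5737 range)
EXCH_PUB=203.0.113.11  # public IP used for Exchange
WEB_DMZ=192.168.50.10
EXCH_DMZ=192.168.50.11
SQL_LAN=192.168.10.20

# Print the ruleset in iptables-restore format.
gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Inbound: one public IP per server, only the published ports are translated
-A PREROUTING -i $WAN_IF -d $WEB_PUB -p tcp --dport 80 -j DNAT --to-destination $WEB_DMZ
-A PREROUTING -i $WAN_IF -d $EXCH_PUB -p tcp --dport 443 -j DNAT --to-destination $EXCH_DMZ
-A PREROUTING -i $WAN_IF -d $EXCH_PUB -p tcp --dport 25 -j DNAT --to-destination $EXCH_DMZ
# Outbound: servers leave from their own public IP, everything else is masqueraded
-A POSTROUTING -o $WAN_IF -s $WEB_DMZ -j SNAT --to-source $WEB_PUB
-A POSTROUTING -o $WAN_IF -s $EXCH_DMZ -j SNAT --to-source $EXCH_PUB
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Manage the gateway itself from the internal zone only (SSH assumed)
-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $WEB_DMZ -p tcp --dport 80 -j ACCEPT
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $EXCH_DMZ -p tcp -m multiport --dports 25,443 -j ACCEPT
# The only path into the internal zone: web server to SQL server
-A FORWARD -i $DMZ_IF -o $LAN_IF -s $WEB_DMZ -d $SQL_LAN -p tcp --dport 1433 -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
COMMIT
EOF
}

case "${1:-}" in
  --print) gen_rules ;;                      # review the rules first
  --apply) gen_rules | iptables-restore ;;   # needs root
esac
```

The gateway's WAN interface also has to hold both public addresses so it answers for them, and the net.ipv4.ip_forward sysctl must be set to 1.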
Mneumonik
10-19-07, 06:38 PM
I really wish I could do this at the hardware level.. I have a Linksys WRT54G router, but that thing only routes for 1 IP address to its NAT, right?
YeOldeStonecat
10-20-07, 09:31 AM
Yeah..with stock firmware. I'm not sure if some 3rd party firmware introduces this functionality..such as DD-WRT or Tomato. Mine died a bit ago...so can't log into it to find out.