I have a custom open source firewall/router in place that offers me the ability to add seperate segments with different access privilages from the Internet. For instance, I have a segment just for DMZ, another for Wireless, and another for LAN machines. I am practicing installing and administering SBS in a virtual environment that has access to the Internet. I can't find a single opinion that helps me to make up my mind on the placement of the server. Some say it is a bad idea to have only one box with Exchange, Sharpoint services, ISA, and the DC all on one box if it is accessible from the internet. Isn't this the whole point of SBS? I understand that it is more risky because if the one box is comprimised, then the entire network is open to intrusion. I thought the placement of an Internet facing firewall/router such as I have set up might make compromise a bit more difficult. I assumed this because one would have to defeat and discover the actual internal addresses of two internal segements which are disguised by NAT. Another told me that have two firewalls achieves nothing since, on the first firewall, all neccessary ports are open to the external side of the SBS server. Are my assumptions in error? Finally, I have the SBS box running, and completed the to-do lists. I opened all necessary ports forwarded to the external NIC of the SBS. I can do a port scan from the internet and all ports are accepting connections. I can sent a test message to the Exchange server and it is recieved. I can access sharepoint, OWA, and other services from the internal network by using either the internal address of the server or the FQDN. When I try to access the server from the internet however, all services seem to be blocked. RRAS on the SBS says the box will accept those internal requests but I still have no luck. Any suggestions what to check next?