In message <20010726144205.B17652-100000@turtle.looksharp.net> you write:

|> 1) They're faster.  This will be important if you're going to need to
|> ssh into the machine.

SSH isn't that bad. It's somewhat annoying on a 3/80, but anything
from a 4/60 (SS-1) upwards is OK.

|> 2) They have commodity expansions slots (PCI & PCMCIA) which are easier
|> to add a second interface to than Sbus.  This will be important for the
|> firewall.

Eh? What is so difficult about
- get a 501-2015 FSBE/S for $75 from your favourite used Sun dealer
- add /etc/hostname.le1
- shudown -h (init 0 or 5 if Solaris)
- plug FSBE/S into any SBus slot except the slave-only one in a SS-1
- boot (-r if Solaris)
?

|> The Multia's have one distinct disadvantage:
|> 1) They're far less reliable than the Sparcs.

I don't have experience with Multias, but I think it would be very
difficult to find hardware more reliable than those old sun4c's.

|> Use a Multia for your firewall.  Allow ssh access to the firewall
|> machine, from which you can use r services on your private network.

I wouldn't trust my firewall for r services. After all, the firewall
is there to protect my network, if necessary by sacrificing itself.

|> a couple of sparcs for your other servers, with the fastest sparc
|> with the most RAM and disk drawing the job of webserver.

If you think you might like to play with SSL or servlets on the
web server any time in the future, don't use a SS-1/1+/2. SSL is
annoyingly, Java just horribly slow. Been there, done that
(SS-2, SunOS 5.7, Apache, mod_ssl, JServ/tomcat) - just about
unusable.

|> The firewall
|> won't need much more disk space than the couple hunded megs a default
|> install of NetBSD takes up.

Don't use a default install for a firewall. Strip off everything
you don't need, especially stuff like compilers, emacs, X windows.
A stripped down install might not use more than a hundred megs.
If possible, put /usr and / on read only media (CDROM, or a ZIP
with hardware write protection).

	vb