Snort mailing list archives

Limitations


From: "Tim" <twr () bellsouth net>
Date: Wed, 7 Aug 2002 12:36:24 -0700

Hey ppl,

A little help, please. I have some limitations in what and where I can make my installations for Snort and utilities,
and I am in need of some expertise from those who have had similar problems.

This is my setup: DSL coming into a Cisco 806 router which is connected to the first (eth0) of three interfaces on a
Linux RH 7.3 box strictly running my firewall (iptables/netfilter). The second (eth1) interface is for a DMZ which is
populated with an Apache web server and a mail server.
The third (eth2) interface is for my LAN with a couple of NT domain controllers, M$ SQL server, a couple of Citrix 
servers and a box running some of the services for the LAN. Obviously there are two switches that interconnect the 
subnets. I'm limited to how many boxes I can configure for an IDS system. It would seem like such a waste to run 
separate machines for the different programs in order to effectively run an IDS system.

My question: Is it possible to install three (maybe four for management) interfaces on one box and install the Apache 
Web Server, MySQL, Webmin, ACID and Snort, in other words, have all the necessary installations in order to run Snort
and monitor the external, DMZ and internal interfaces on the firewall from one box? Is this possible? I'm very limited 
to how many boxes I can use in order to effectively monitor/learn what is going on with security on my network. I would 
like to hear from those who have effectively done so and hear the pros and cons to why this could or could not work. 

Thanks in advance for any insights.

Sincerely,
Tim -- Mia/Fla
