We recently implemented Paralells, plesk. You cannot NAT Plesk containers. All containers are public IP's. The class C public IPs sit on the colo's router and then this plugs into my switch using a cat5 cable the colo facility provides. The servers are plugged into the switch too, all having public IP's. I can certainly put a firewall in place and change the gateway on the NIC's on the servers and have the outbound traffic pass thourgh the firewall. The QUESTION is about inbound traffic, how can you have the firewall filter inbound traffic, when it is all public IP broadcast traffic?