I am testing a virtual solution (XenServer-based) where I have 3 virtual machines:
1) A firewall
2) A web server
3) A database server
All are Linux-based machines.
All 3 have public addresses in the same network (ex: x.x.x.50 (firewall), x.x.x.51 (web server) and x.x.x.52 (database server)).
The host has a single network card directly connected to the internet.
I want the firewall to block all traffic except port 80 to the web server.
I would like to know the best architecture recommended for such a solution.