Security Basics mailing list archives
Reasons for using an external firewall
From: "John P" <john () pmbbs demon co uk>
Date: Sun, 17 Nov 2002 23:10:04 -0000
I am about to set up two servers (one web, one DB) colocated in a datacentre. Both will be Linux or BSD boxes (haven't decided yet!) running Apache, MySQL, DNS (bind/djbdns) and SMTP (probably qmail). Previous networks I've set up have always been using NAT or similar, so necessitating a dedicated firewall/NAT device which has usually been a linux box. However in this setup, how much extra protection can an external firewall give? The machines have to have open ports portforwarded through any firewall (80/25/etc) and I assume would remain exploitable to buffer overflows, bug exploits etc. I could restrict access to the other open system ports and services by turning them off, using ipchains/ipfilter and hosts.deny etc. DoS situations would be difficult to protect against even with an external firewall. What extra security will an external firewall actually provide? I suppose other nice features like VPN, etc, but what else? It's quite a busy site, so could ipfilter generate quite a lot of load, which could be shifted onto a dedicated firewall? Any tips or suggestions appreciated! Cheers John
Current thread:
- Reasons for using an external firewall John P (Nov 20)
- Re: Reasons for using an external firewall Paul Cardon (Nov 21)
- Re: Reasons for using an external firewall Steve Bremer (Nov 21)
- Basic rules for IPTABLES protection Erick Arturo Perez Huemer (Nov 25)
- RE: Basic rules for IPTABLES protection Michael Sconzo (Nov 26)
- Re: Basic rules for IPTABLES protection Patrick Benson (Nov 26)
- RE: Basic rules for IPTABLES protection BurntCircuit (Nov 26)
- Need Help Building Linux Based Firewall Khuzairi Yahaya (Nov 27)
- Re: Need Help Building Linux Based Firewall Johannes Ullrich (Nov 28)
- Re: Need Help Building Linux Based Firewall Jason Dixon (Nov 28)
- Re: Need Help Building Linux Based Firewall phani (Nov 28)
- Basic rules for IPTABLES protection Erick Arturo Perez Huemer (Nov 25)