[Gllug] Linux Firewall

Simon Morris simon.morris at cmtww.com
Wed Jul 20 07:16:01 UTC 2005


On Wed, 2005-07-20 at 03:32 +0100, Paul Kathro wrote:
> Hi guys,
> 
> I'm about to start a project which needs a cheap but effective
> firewall.  I
> have been reading conflicting reports regarding application proxy
> firewalls
> and was was hoping to hear some of your opinions on the subject.
> 
> The one server behind the firewall to begin with will be a LAMP web
> server
> hosting about 6 sites.
> 
> Is a proxy server the way to go here or should I be sticking to
> stateful
> packet filtering?

I would say you possibly need both either implemented in 2 separate
devices or choose a firewall which also handles proxying.

A stateful firewall is going to be essential to prevent unwanted or
dangerous connections to services that you don't want to offer to the
internet, e.g. SSH

A Proxy (reverse proxy) isn't essential but it will take the load off of
your webserver and let it get on with processing the dynamic content
rather than serving static content such as images that could be served
by the proxy.

A lot of big or busy sites use reverse proxies to increase the amount of
clients they can concurrently support.

Thanks

~sm
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list