[Gllug] Linux Firewall

Chris Bell chrisbell at overview.demon.co.uk
Wed Jul 20 07:58:10 UTC 2005


On Wed 20 Jul, Simon Morris wrote:
> 
> On Wed, 2005-07-20 at 03:32 +0100, Paul Kathro wrote:
> > Hi guys,
> > 
> > I'm about to start a project which needs a cheap but effective firewall. I
> > have been reading conflicting reports regarding application proxy firewalls
> > and was hoping to hear some of your opinions on the subject.
> > 
> > The one server behind the firewall to begin with will be a LAMP web server
> > hosting about 6 sites.
> > 
> > Is a proxy server the way to go here or should I be sticking to stateful
> > packet filtering?
> 
> I would say you possibly need both, either implemented in 2 separate
> devices or choose a firewall which also handles proxying.
> 
> A stateful firewall is going to be essential to prevent unwanted or
> dangerous connections to services that you don't want to offer to the
> internet, e.g. SSH.
> 
> A Proxy (reverse proxy) isn't essential but it will take the load off of
> your webserver and let it get on with processing the dynamic content
> rather than serving static content such as images that could be served
> by the proxy.
> 
> A lot of big or busy sites use reverse proxies to increase the number of
> clients they can concurrently support.
> 
> Thanks
> 
> ~sm

   If you can spare 30 minutes while you think about the perfect system,
install IPCop in an old box. The main problem I find with any old 486 is
that it is unlikely to have a USB port for a standard BT ADSL modem, but no
problem with speed yet. Anything more recent is a bonus, and may be wasted.
   There is provision for up to 4 interfaces (external, DMZ, wireless, and
protected). It contains a packet filter, snort intrusion detection, time,
DNS, proxy, DHCP, masquerading, port forwarding, etc., and is easily updated.

www.ipcop.org

-- 
Chris Bell

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



