mailing list archives
Reasons for using an external firewall
From: "John P" <john () pmbbs demon co uk>
Date: Sun, 17 Nov 2002 23:10:04 -0000
I am about to set up two servers (one web, one DB) colocated in a
Both will be Linux or BSD boxes (haven't decided yet!) running Apache,
MySQL, DNS (bind/djbdns) and SMTP (probably qmail).
Previous networks I've set up have always been using NAT or similar, so
necessitating a dedicated firewall/NAT device which has usually been a linux
However in this setup, how much extra protection can an external firewall
give? The machines have to have open ports portforwarded through any
firewall (80/25/etc) and I assume would remain exploitable to buffer
overflows, bug exploits etc. I could restrict access to the other open
system ports and services by turning them off, using ipchains/ipfilter and
hosts.deny etc. DoS situations would be difficult to protect against even
with an external firewall.
What extra security will an external firewall actually provide? I suppose
other nice features like VPN, etc, but what else? It's quite a busy site, so
could ipfilter generate quite a lot of load, which could be shifted onto a
Any tips or suggestions appreciated!
- Reasons for using an external firewall John P (Nov 20)