Port Forwarding vs. Running Servers on Firewall
Joe Hill
joehill-rieW9WUcm8FFJ04o6PK0Fg at public.gmane.org
Thu Sep 4 20:55:20 UTC 2003
On Thu, 04 Sep 2003 16:30:05 -0400
CLIFFORD ILKAY <clifford_ilkay-biY6FKoJMRdBDgjK7y7TUQ at public.gmane.org> uttered:
> If port 80 on the firewall is forwarded to a host with a private IP on
> the LAN, it can be seen from the WAN. That is the whole point of port
> forwarding, is it not?
But *only* port 80 can be "seen", and if you are not doing any server-side
applications, all traffic is outbound anyway, like Fraser said.
> >You want a firewall that does port forwarding, network address
> >translation, and stateful traffic inspection (IIRC).
>
> Right, but that does not address the question of why it is good
> practice to run only firewall and routing services on the firewall
> instead of running httpd, etc. Running a bunch of services on the
> firewall does not preclude one from having all that good stuff you
> listed.
Goes back to what you said about a "layered" defense, but point taken.
--
JoeHill
Registered Linux user #282046
Homepage: nodex.sytes.net
++++++++++++++++++++++
He who despairs over an event is a coward, but he who holds hopes for
the human condition is a fool.
-- Albert Camus
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml