Port Forwarding vs. Running Servers on Firewall

Joe Hill joehill-rieW9WUcm8FFJ04o6PK0Fg at public.gmane.org
Thu Sep 4 20:55:20 UTC 2003


On Thu, 04 Sep 2003 16:30:05 -0400
CLIFFORD ILKAY <clifford_ilkay-biY6FKoJMRdBDgjK7y7TUQ at public.gmane.org> uttered:

> If port 80 on the firewall is forwarded to a host with a private IP on
> the LAN, it can be seen from the WAN. That is the whole point of port
> forwarding, is it not?

But *only* port 80 can be "seen", and if you are not doing any
server-side applications, all traffic is outbound anyway, like Fraser said.

> >You want a firewall that does port forwarding, network address
> >translation, and stateful traffic inspection (IIRC).
> 
> Right, but that does not address the question of why it is good
> practice to run only firewall and routing services on the firewall
> instead of running httpd, etc. Running a bunch of services on the
> firewall does not preclude one from having all that good stuff you
> listed.

Goes back to what you said about a "layered" defense, but point taken.

-- 
JoeHill
Registered Linux user #282046
Homepage: nodex.sytes.net
++++++++++++++++++++++
He who despairs over an event is a coward, but he who holds hopes for
the human condition is a fool.
		-- Albert Camus
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml




