Port Forwarding vs. Running Servers on Firewall
Keith Mastin
kmastin-PzQIwG9Jn9VAFePFGvp55w at public.gmane.org
Thu Sep 11 18:39:16 UTC 2003
> If the purpose of this question is to avoid having to run the firewall
> and the internet services server on separate machines, what about
> running the email, web or whatever servers in user mode Linux 'jails'
> within the firewall, or maybe visa versa?
Jails will make it harder to crack out of a service into the main system,
but it's doable. The whole point is to make the firewall as impervious as
possible, which is in contradiction to the functions of a server. running
servers on the firewall presents an easy single point of failure to your
network, your security and your users security. If there's a better way
that's resonable, I would say doing it anyway could be irresponsible in
the long run.
Check out esmith.org. There's also clarckconnect, and more, but it's a
long list. All of them share the single point of failure weakness. Are
they hackable? Check them out with nessus and judge for your self.
Put one of these behind a little firewall/router do-hickey from netgear,
linksys or any other favored vendor for less than $100 and you should be
mostly okay. That would be my least-expensive-to-deploy recommendation.
--
Keith Mastin
BeechTree Information Technology Services Inc.
Toronto, Canada
(416)696 6070
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list