LinuxQuestions.org
Old 08-22-2007, 11:21 PM   #1
MykeV
LQ Newbie
 
Registered: Jan 2006
Location: North Carolina, Raleigh
Distribution: Ubuntu 6.10, Suse 10.2
Posts: 12

Rep: Reputation: 0
To DMZ or not to DMZ. That is the question.


What's up people! I got a simple question that hopefully there is a simple answer to.

I have stood up an FTP/File/Web server on a single box using Ubuntu's LAMP server distro. I also use IPCop's Firewall distro as my LAN's Router/Firewall. I want to know if there is a significant difference between placing the LAMP server in the Firewall's DMZ for public access and shielding the server behind the firewall and poking holes in it to the services on the server for public access. Basically, what are the pros and cons? Thanks.

Last edited by MykeV; 08-22-2007 at 11:24 PM. Reason: add tags
 
Old 08-23-2007, 05:35 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,564
Blog Entries: 54

Rep: Reputation: 2928
Check the docs first?: IPCop.org FAQs / main / DMZ
 
Old 08-23-2007, 07:39 PM   #3
MykeV
LQ Newbie
 
Registered: Jan 2006
Location: North Carolina, Raleigh
Distribution: Ubuntu 6.10, Suse 10.2
Posts: 12

Original Poster
Rep: Reputation: 0
Thx for the referral tip back to IPCop's FAQ on DMZs. However, IPCop's assertion on how to set up a publicly accessible server is not the end-all, be-all. I was hoping to get differing points of view from the members or guests of this forum on what method they used for making their servers publicly available and why. I hope that makes my question a little clearer.
 
Old 08-23-2007, 07:45 PM   #4
docalton
Member
 
Registered: Dec 2002
Location: St Louis, MO
Distribution: Arch Linux
Posts: 99

Rep: Reputation: 15
Using a DMZ gives you a bit more protection. Using a DMZ, should your LAMP server become compromised, the firewall will help shield your internal LAN from aforementioned nasties. This is all assuming the firewall is set up properly.

Hope this helps
 
Old 08-24-2007, 12:18 AM   #5
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 48
What docalton wrote is true. On the simple surface, a DMZ server is just as safe as a server on the LAN. In either case, you have the firewall with ports forwarded to machines behind it. Where the DMZ comes through as being safer is that when "properly" set up, the DMZ is on both a separate subnet and ideally an entirely separate physical network from your LAN. That means in general, one line from the firewall to the LAN hub/switch, and another to the DMZ hub/switch, and no machine can be both on the LAN and on the DMZ.

The advantage of doing it this way is that should somebody/something compromise the exposed server on the DMZ, they don't have access to the LAN. Generally, the LAN can access the LAN, DMZ and WAN, the DMZ can only access the DMZ and WAN, and the WAN can only see into the open addresses/ports on the DMZ, but has no direct access to the LAN.

Peace,
JimBass
 
1 members found this post helpful.
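The access matrix from the post above, written out as a generic netfilter forwarding policy. This is an added example, not part of the thread and not IPCop's own generated rules; the interface names, server address and published ports are assumptions.

```shell
#!/bin/sh
# Added example: the LAN / DMZ / WAN access matrix as an iptables-restore ruleset.
# All values below are assumptions (constructed), not taken from the thread.
WAN_IF=eth0            # IPCop "red"
LAN_IF=eth1            # IPCop "green"
DMZ_IF=eth2            # IPCop "orange"
DMZ_SRV=192.168.2.10   # the LAMP box, alone on the DMZ subnet
TCP_PORTS=21,80,443    # services published to the WAN

# Print the ruleset. Only NAT and forwarding are covered; traffic addressed
# to the firewall itself (INPUT chain) is out of scope here.
dmz_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $WAN_IF -p tcp -m multiport --dports $TCP_PORTS -j DNAT --to-destination $DMZ_SRV
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $DMZ_SRV -p tcp -m multiport --dports $TCP_PORTS -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $DMZ_IF -o $LAN_IF -j LOG --log-prefix "DMZ->LAN drop: "
COMMIT
EOF
}

# Succeeds if the ruleset accepts new connections from interface $1 to $2.
forward_allowed() {
    dmz_ruleset | grep -q -- "^-A FORWARD -i $1 -o $2 .*-j ACCEPT"
}

# Print the resulting zone matrix as comment lines, then the ruleset itself.
for src in "$LAN_IF" "$DMZ_IF" "$WAN_IF"; do
    for dst in "$LAN_IF" "$DMZ_IF" "$WAN_IF"; do
        [ "$src" = "$dst" ] && continue
        if forward_allowed "$src" "$dst"; then v=ACCEPT; else v=DROP; fi
        echo "# $src -> $dst: $v"
    done
done
dmz_ruleset
```

In the port-forward-to-LAN alternative the server shares a segment with the other LAN hosts, so its traffic to them never crosses the FORWARD chain and no rule on the firewall can block or log it. Here the same attempt hits the LOG rule and then the DROP policy.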
Old 08-25-2007, 12:47 PM   #6
MykeV
LQ Newbie
 
Registered: Jan 2006
Location: North Carolina, Raleigh
Distribution: Ubuntu 6.10, Suse 10.2
Posts: 12

Original Poster
Rep: Reputation: 0
Thx fellas, I appreciate the feedback.
 
Old 10-02-2007, 02:12 PM   #7
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 231
Nice, clear answer, JimBass.
 
  


Tags
dmz, firewall, forwarding, port

