Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I`m going to build a firewall solution for my network so i have looked sand found 2 distros that can work for that SmoothWall and IPcop , i didn't get some much luck with IPcop so i will go with SmoothWall. the thing is that i have many web servers behind that wall so how can i access those web server when i will have only one ip to access my network which will be my firewall ip and the port forwarding ability , which will forward all traffic that will come to me on lets say port 80 to only one machine behind the firewall , i have thought about that , and thought i could use a central web server and redirect . or maybe some proxy ( i really don't know much about that ) , but i think there must be some other more convenient solution . so please help guys ....
This is a typical situation of a reverse proxy.
You setup the server accessible from outside as a reverse proxy and through this you can access the backend servers. Apache, squid or nginx can all be configured as reverse proxy servers, so you can use the one you're more familiar with.
Apache, squid or nginx can all be configured as reverse proxy servers
Right - and in this context it is AKA an "application-layer firewall".
As for which you should choose, just my own comments: Squid is more robust and featured as a reverse proxy. However, with Apache web server you can leverage mod_security, which may give it a real advantage here. (I have always intended to tinker with nginx, but haven't gotten around to it yet. My limited understanding is that nginx provides consistent performance in super high volume environments.)
I second anomie's opinion about nginx.
It's very good for sites that are going to have a big load. In fact LQ also uses nginx. The only drawback in my opinion is its configuration that's a bit cryptic.
Apache can do well in more normal circumstances. I've used apache as reverse proxy in many situations (in front of 4-5 tomcat servers, or for some proprietary webmail/portal applications) and never had problems. Besides since I use apache a long time I'm most familiar with its configuration.
Regarding squid, I cannot tell how it does as a reverse proxy because never used it as such, but I guess it does good. After all it's specifically designed as a proxy server.