Public and private NIC for web server
I am very new to Linux as well as this forum. I have been very impressed so far by how much great information and support there is here. I have been trying to find the answer to my question from previous posts, but as of yet, I have been unsuccessful and have conceded to post the question.
Some background. I am in the process of converting my company's current website to a new platform. The system we currently use is a closed Linux product called a OneGate 1000 made by a defunct company called Freegate. It is a great product in its simplicity, but I worry about the hardware. I also don't want the risk of migrating to a Windows IIS environment; I want the stability and security Linux provides.
After some reading and input from here, I have chosen to go with CentOS 5.3. I am looking to only host one website with basic capability at the start. I will need to run servlets at some point, but I need to walk before I run. Anyway, to my question. I am accustomed to having two NICs on a server that is exposed to the outside world. One on the public side and one on the private side of my network. I want to be able to do all the admin stuff on the private side and only expose HTTP and FTP to the public side. I have read several LAMP install guides, but they all only refer to a single NIC which always shows a private IP. All that said, I'm struggling to know how to conceptually configure the environment. Is this simply a firewall configuration issue or is there more to it?
I apologize ahead of time if I have not provided enough info or background.
From the Linux server standpoint, it's just a matter of assigning the appropriate addresses to the adapters. From the HTTP server standpoint, it's a matter of configuring it to bind to or "listen" to the public facing address. Further out from the physical server adapters, it becomes a network infrastructure concern. But since you say you are accustomed to the dual NIC scenario, you know that you just duplicate those connections on the new server using the old as examples.
Personally I wouldn't bother running a private/public NIC setup, I prefer some redundancy so would configure them as an active/passive bond (depends on your network configuration). Access to the web server can be controlled via firewall rules rather than physical cabling,
e.g. any -> webserver:80
any -> webserver:21
trustednet -> webserver:22
just my 2c
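
The policy sketched in the replies above (HTTP and FTP from anywhere, SSH only from the trusted network), written out as an iptables ruleset for the dual-NIC layout the question describes. This is an added example, not part of the original thread; the interface names eth0/eth1 and the 192.168.1.0/24 admin network are assumptions, and the script only prints the rules without touching the live firewall.

```shell
#!/bin/sh
# Added example: prints a ruleset in iptables-restore format.
# Assumed names (not from the thread): eth0 = public NIC, eth1 = private NIC,
# 192.168.1.0/24 = trusted admin network.

gen_rules() {
    pub_if=$1      # public-facing interface
    priv_if=$2     # private/admin interface
    trusted=$3     # trusted admin network in CIDR form

    # Refuse to emit a ruleset when an argument is missing.
    if [ -z "$pub_if" ] || [ -z "$priv_if" ] || [ -z "$trusted" ]; then
        echo "usage: gen_rules PUB_IF PRIV_IF TRUSTED_CIDR" >&2
        return 1
    fi
    # A /0 "trusted" network would turn the SSH rule into any -> webserver:22.
    case $trusted in
        */0) echo "trusted network must not be a /0" >&2; return 1 ;;
    esac

    # Default-deny inbound; replies to existing connections are allowed.
    # Passive FTP data connections only match RELATED when the FTP
    # connection-tracking helper module is loaded.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $pub_if -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -i $pub_if -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -i $priv_if -s $trusted -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the assumed layout when the script is run directly.
gen_rules eth0 eth1 192.168.1.0/24
```

The output can be reviewed and then fed to `iptables-restore`; on CentOS the persistent copy lives in `/etc/sysconfig/iptables`. Apache's `Listen` directive should still name the public address, as the first reply says, so the firewall is not the only control.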