
kubed_lovee 10-23-2010 04:52 AM

Firewall and web servers
Hi Guys

I'm going to build a firewall solution for my network, so I have looked and found 2 distros that can work for that, SmoothWall and IPCop. I didn't get much luck with IPCop, so I will go with SmoothWall. The thing is that I have many web servers behind that wall, so how can I access those web servers when I will have only one IP to access my network, which will be my firewall IP, and the port forwarding ability, which will forward all traffic that comes to me on, let's say, port 80 to only one machine behind the firewall? I have thought about that, and thought I could use a central web server and redirect, or maybe some proxy (I really don't know much about that), but I think there must be some other more convenient solution. So please help, guys...

bathory 10-23-2010 08:20 AM


This is a typical situation of a reverse proxy.
You set up the server accessible from outside as a reverse proxy, and through this you can access the backend servers. Apache, squid or nginx can all be configured as reverse proxy servers, so you can use the one you're more familiar with.


kubed_lovee 10-25-2010 01:19 PM

Thanks for your help.

I will check that, but exactly which one do you suggest that will do a better job?


anomie 10-25-2010 01:37 PM


Originally Posted by bathory
Apache, squid or nginx can all be configured as reverse proxy servers

Right - and in this context it is AKA an "application-layer firewall".

As for which you should choose, just my own comments: Squid is more robust and featured as a reverse proxy. However, with Apache web server you can leverage mod_security, which may give it a real advantage here. (I have always intended to tinker with nginx, but haven't gotten around to it yet. My limited understanding is that nginx provides consistent performance in super high volume environments.)

bathory 10-25-2010 04:42 PM

I second anomie's opinion about nginx.
It's very good for sites that are going to have a big load. In fact LQ also uses nginx. The only drawback in my opinion is its configuration, which is a bit cryptic.
Apache can do well in more normal circumstances. I've used Apache as a reverse proxy in many situations (in front of 4-5 tomcat servers, or for some proprietary webmail/portal applications) and never had problems. Besides, since I have used Apache for a long time, I'm most familiar with its configuration.
Regarding squid, I cannot tell how it does as a reverse proxy because I have never used it as such, but I guess it does well. After all, it's specifically designed as a proxy server.

