I'm going to build a firewall solution for my network, so I have looked and found 2 distros that can work for that: SmoothWall and IPCop. I didn't get much luck with IPCop, so I will go with SmoothWall. The thing is that I have many web servers behind that wall, so how can I access those web servers when I will have only one IP to access my network, which will be my firewall IP, and the port forwarding ability, which will forward all traffic that comes to me on, let's say, port 80 to only one machine behind the firewall? I have thought about that, and thought I could use a central web server and redirect, or maybe some proxy (I really don't know much about that), but I think there must be some other more convenient solution. So please help, guys ....
This is a typical situation of a reverse proxy.
You set up the server accessible from outside as a reverse proxy and through this you can access the backend servers. Apache, squid or nginx can all be configured as reverse proxy servers, so you can use the one you're more familiar with.
> Apache, squid or nginx can all be configured as reverse proxy servers
Right - and in this context it is AKA an "application-layer firewall".
As for which you should choose, just my own comments: Squid is more robust and featured as a reverse proxy. However, with Apache web server you can leverage mod_security, which may give it a real advantage here. (I have always intended to tinker with nginx, but haven't gotten around to it yet. My limited understanding is that nginx provides consistent performance in super high volume environments.)
I second anomie's opinion about nginx.
It's very good for sites that are going to have a big load. In fact LQ also uses nginx. The only drawback in my opinion is its configuration, which is a bit cryptic.
Apache can do well in more normal circumstances. I've used apache as a reverse proxy in many situations (in front of 4-5 tomcat servers, or for some proprietary webmail/portal applications) and never had problems. Besides, since I have used apache for a long time, I'm most familiar with its configuration.
Regarding squid, I cannot tell how it does as a reverse proxy because I have never used it as such, but I guess it does well. After all, it's specifically designed as a proxy server.
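
The reverse-proxy setup discussed in this thread, sketched as an Apache configuration. This is an added example, not taken from any of the posts above. It assumes Apache 2.4 with mod_proxy and mod_proxy_http loaded, the firewall forwarding port 80 to this one proxy host, and placeholder hostnames and backend addresses.

```apache
# Added example. Assumes Apache 2.4 with mod_proxy and mod_proxy_http loaded.
# Hostnames and 192.168.1.x backend addresses are placeholders.

# Reverse proxy only: never relay arbitrary client-chosen URLs,
# which would turn this host into an open forward proxy.
ProxyRequests Off

# The first vhost is the default. Requests whose Host header matches
# no published site stop here instead of reaching a backend.
<VirtualHost *:80>
    ServerName default.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# One vhost per published site; the Host header selects the backend,
# so a single public IP and port can front several web servers.
<VirtualHost *:80>
    ServerName www.example.com
    # Pass the original Host header through to the backend
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.1.10/"
    # Rewrite Location headers in backend redirects to the public name
    ProxyPassReverse "/" "http://192.168.1.10/"
</VirtualHost>

<VirtualHost *:80>
    ServerName mail.example.com
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.1.11/"
    ProxyPassReverse "/" "http://192.168.1.11/"
</VirtualHost>
```

Each public hostname needs a DNS record pointing at the firewall's single public IP. The backends then only need to accept connections from the proxy host.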