gensis 10-06-2004 12:26 PM

Linux Firewall Design Question?
Currently, I am living in an apartment building, and I am paranoid after the DCOM worm ><;. I understand that having a DMZ is the best type of firewall design. I have a webserver and several personal machines. I really don't have extra money to pay for another Linux box. Do you think this firewall design would work?

Cable Modem=====> [Linux firewall: 2 NICs] ======>[webserver]===>[NetGear NAT Device *serves as the 2nd firewall] <==========rest of the network

Linux firewall 1: regular routable IP, 2: 10.0.0.*
NetGear NAT Device* 2: 192.168.0.*

Do you think this would work?

Thank you

qwijibow 10-06-2004 12:50 PM

That all depends on the firewall's rules!

Also... install Tripwire (or a similar program) and Snort.

And make sure you are always running the latest version of the Apache web server.

Capt_Caveman 10-06-2004 05:28 PM

It's probably not a good idea to run the network through the webserver. If it gets compromised, then all the network traffic is running through a host that could be used quite easily for sniffing or man-in-the-middle attacks.

Instead of getting a second Linux box, just get another NIC for the existing one and isolate the webserver from the LAN machines by putting the webserver on one NIC and the LAN machines on the other. Like:

Cable -----Linux Firewall ------Webserver

Plus this way, your network traffic is making one less hop and you can control the flow of traffic a little more easily.
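As an added example (written here, not posted by anyone in this thread), this is the kind of iptables ruleset that qwijibow's "depends on the rules" and Capt_Caveman's three-NIC layout imply: the cable modem on one NIC, the webserver alone on a DMZ NIC, and the personal machines on a third. The interface names eth0/eth1/eth2 and the webserver address 10.0.0.2 are assumptions; the 10.0.0.* and 192.168.0.* ranges are the ones from the original post. By default the script only echoes the commands so the policy can be reviewed; run it with RUN set to empty (as root) to apply it.

```shell
#!/bin/sh
# Hypothetical three-NIC firewall for the layout described above.
# Assumed interface names (not from the thread):
#   eth0 - cable modem (public, routable IP)
#   eth1 - DMZ segment holding only the webserver, 10.0.0.0/24
#   eth2 - LAN segment with the personal machines, 192.168.0.0/24
# RUN defaults to "echo" so the commands are printed, not executed.
# Apply for real with:  RUN= sh firewall.sh   (as root)
RUN="${RUN-echo}"

WAN_IF=eth0
DMZ_IF=eth1
LAN_IF=eth2
DMZ_NET=10.0.0.0/24
LAN_NET=192.168.0.0/24
WEB_HOST=10.0.0.2        # constructed address for the webserver in the DMZ

ipt() { $RUN iptables "$@"; }

build_rules() {
    # Routing between the NICs must be switched on in the kernel.
    $RUN sysctl -w net.ipv4.ip_forward=1

    # Clean slate, then default-deny for anything that crosses the box.
    ipt -F
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Replies to flows we already allowed, and loopback traffic.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The firewall itself is managed only from the LAN side (SSH).
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT

    # LAN machines may reach the Internet, and port 80 on the webserver only.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -s "$LAN_NET" \
        -d "$WEB_HOST" -p tcp --dport 80 -j ACCEPT

    # The Internet reaches exactly one thing: port 80 on the webserver,
    # forwarded from the public address.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_HOST":80
    ipt -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -d "$WEB_HOST" \
        -p tcp --dport 80 -m state --state NEW -j ACCEPT

    # The webserver may fetch updates (HTTP/HTTPS out), nothing more.
    ipt -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -s "$DMZ_NET" \
        -p tcp -m multiport --dports 80,443 -j ACCEPT

    # The DMZ never initiates connections into the LAN. The default policy
    # already drops this; the explicit LOG makes a compromised webserver
    # probing the personal machines visible in the logs.
    ipt -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -j LOG --log-prefix "DMZ->LAN blocked: "
    ipt -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -j DROP

    # Both private segments share the single public address.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$DMZ_NET" -j MASQUERADE
}

build_rules
```

The point of the layout is the FORWARD policy: with the webserver on its own NIC, nothing the LAN sends ever passes through the webserver's stack, and the only path from the DMZ to the LAN is the rule that logs and drops it, which is what the NetGear box was being asked to do in the original design.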

