LinuxQuestions.org
Old 10-06-2004, 12:26 PM   #1
gensis
LQ Newbie
 
Registered: Jun 2004
Distribution: Slackware, Suse, Red Hat, Fedora
Posts: 28

Rep: Reputation: 15
Linux Firewall Design Question?


Currently, I am living in an apartment building, and I am paranoid after the DCOM worm ><;. I understand that having a DMZ is the best type of firewall design. I have a webserver and several personal machines. I really don't have extra money to pay for another Linux box. Do you think the firewall design would work?

Cable Modem=====> [Linux firewall: 2 NICs] ======>[webserver]===>[NetGear NAT Device *serves as the 2nd firewall] <==========rest of the network

Linux firewall 1: regular routable IP 2: 10.0.0.*
NetGear NAT Device 1: 10.0.0.* 2: 192.168.0.*

Do you think this would work?

Thank you
 
Old 10-06-2004, 12:50 PM   #2
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
That all depends on the firewall's rules!

Also... install Tripwire (or a similar program) and Snort.

And make sure you are always running the latest version of the Apache web server.
 
Old 10-06-2004, 05:28 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
It's probably not a good idea to run the network through the webserver. If it gets compromised, then all the network traffic is running through a host that could be used quite easily for sniffing or man-in-the-middle attacks.

Instead of getting a second Linux box, just get another NIC for the existing one and isolate the webserver from the LAN machines by putting the webserver on one NIC and the LAN machines on the other. Like:
Code:
Cable -----Linux Firewall ------Webserver
                    |
                    |
                   NAT-----LAN
Plus this way, your network traffic is making one less hop and you can control the flow of traffic a little more easily.
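
The three-NIC layout from post #3 expressed as a default-deny forwarding policy, as an added example that is not part of the thread. The interface names, the web server address 10.0.0.2 and port 80 are assumptions chosen for illustration; the function only prints an iptables-restore ruleset, so it can be reviewed before being loaded.

```shell
#!/bin/sh
# Added example (not from the thread): generate an iptables-restore ruleset
# for a firewall with three NICs: WAN, DMZ (web server) and LAN (NAT device).
# All arguments are assumed values supplied by the caller.
gen_rules() {
    wan=$1; dmz=$2; lan=$3; web=$4
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic to the firewall itself: loopback and replies only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies to connections that an earlier rule allowed.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Internet -> web server: new HTTP connections only.
-A FORWARD -i $wan -o $dmz -d $web -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# LAN -> Internet, and LAN -> web server on HTTP.
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $lan -o $dmz -d $web -p tcp --dport 80 -j ACCEPT
# DMZ -> LAN: a compromised web server must not open connections inward.
-A FORWARD -i $dmz -o $lan -j LOG --log-prefix "DMZ->LAN blocked: "
-A FORWARD -i $dmz -o $lan -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Publish the web server on the firewall's routable address.
-A PREROUTING -i $wan -p tcp --dport 80 -j DNAT --to-destination $web:80
# Hide the private DMZ and LAN addresses behind the WAN address.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}
# Review the output, enable forwarding (sysctl -w net.ipv4.ip_forward=1),
# then load it as root:
#   gen_rules eth0 eth1 eth2 10.0.0.2 | iptables-restore
```

The explicit DMZ-to-LAN LOG and DROP rules are redundant with the FORWARD DROP policy, but they make the isolation visible in the ruleset and leave a log line when the web server tries to reach the LAN.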
 
  

