Re: firewall?




On Sat, 16 Jul 2011, Ljubomir Ljubojevic wrote:

> To: CentOS mailing list <centos@xxxxxxxxxx>
> From: Ljubomir Ljubojevic <office@xxxxxxxx>
> Subject: Re:  firewall?
> 
> Rudi Ahlers wrote:
>> On Sat, Jul 16, 2011 at 2:20 PM, Ljubomir Ljubojevic <office@xxxxxxxx> wrote:
>>> Keith Roberts wrote:
>>>> So I guess I could configure my single NIC Centos 5.6
>>>> machine connected to a 4 port ADSL router to act as the
>>>> external Gateway for other machines on the LAN side of the
>>>> router, possibly using NAPT on the Centos box?
>>> Yes, you can do that. You can also use it as a proxy server.
>>>
>>> When I said "firewall", I meant as firewall for the network, facing
>>> outside of the local network. There were people who would bring public
>>> (or semi-public, from ISP) IP to the switch and then hook up all PC's to
>>> that switch and use 2 subnets, one that ISP provided and one for the
>>> local LAN, all on the same switch, to save on hardware. That is not safe
>>> and not wise.
>>
>> Sure, if the 2 subnets were just NAT'ed then it wouldn't be very safe.
>> But if you have proper firewall rules in place to block incoming
>> traffic from the public IP going to the private IP then it's very
>> safe.
>>
> You are looking only at the safety of the server, not the whole network.
>
> In the case of ADSL modems *with NAT-ing* you already have a firewall in the
> form of the ADSL modem, and you are safe.

That's exactly how my Thompson ADSL router works. By default
it blocks any connections coming in from the outside 
internet IP address.

To open a port I have to log in to the router, and create
a NAPT rule that links an outside port to a machine and port
on the LAN side of the router.

I did have port 80 NAPT'd this way, but now I have removed
that rule, as my websites are hosted on a cloud in a proper 
data center.

So what with the router firewall and then the Linux Kernel 
IPtables packet filtering firewall, I actually have two 
firewalls running?

For checking open/closed ports from the outside, I go to 
www.grc.com and let their machine do a 'Shields Up' scan of 
my machine.

Kind Regards,

Keith Roberts

-----------------------------------------------------------------
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
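
Added example, not part of the original message: with a NAPT router in front of a host running iptables, a port is reachable from the internet only if the router forwards it and the host's INPUT chain accepts it. The sketch below checks that for constructed data; the addresses, forwards and rules are hypothetical, and the evaluator handles only simple rules (single `--dport`, optional `-s`, no negation, no jumps to custom chains).

```python
import ipaddress
import shlex

# Constructed sample data (not from the thread): router port forwards as
# (proto, external port, LAN host, LAN port) and the host's iptables-save output.
ROUTER_NAPT = [("tcp", 80, "192.168.1.10", 80), ("tcp", 2222, "192.168.1.10", 22)]
IPTABLES_SAVE = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def parse_input_chain(text):
    """Return (default_policy, rules) for the filter table's INPUT chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]
        elif line.startswith("-A INPUT "):
            tok = shlex.split(line)
            rules.append({tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")})
    return policy, rules

def host_verdict(policy, rules, proto, port, src_ip):
    """First-match verdict for a NEW inbound connection (simple rules only)."""
    src = ipaddress.ip_address(src_ip)
    for r in rules:
        state = r.get("--state", "NEW").split(",")
        if (r.get("-i") == "lo" or "NEW" not in state
                or r.get("-p", proto) != proto
                or int(r.get("--dport", port)) != port
                or src not in ipaddress.ip_network(r.get("-s", "0.0.0.0/0"))):
            continue  # rule does not match this packet
        return r["-j"]
    return policy  # nothing matched: chain default applies

def exposed_ports(napt, iptables_text, host_ip, internet_src="203.0.113.7"):
    """Map each forwarded (proto, external port) to the host firewall's verdict."""
    policy, rules = parse_input_chain(iptables_text)
    # Assumption: the forward rewrites only the destination, so the host
    # still sees the internet client's source address.
    return {(proto, ext): host_verdict(policy, rules, proto, lan_port, internet_src)
            for proto, ext, lan_ip, lan_port in napt if lan_ip == host_ip}
```

On the sample data, `exposed_ports(ROUTER_NAPT, IPTABLES_SAVE, "192.168.1.10")` reports tcp/80 as accepted and tcp/2222 as dropped: the router forwards 2222 to SSH, but the host rule admits SSH only from the LAN subnet.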

