On Thu, 2002-05-23 at 12:58, Alex Bennee wrote: > ewan said: > > > >> #Lan--Internal Firewall--- External firewall -- Internet > >> | > >> | > >> webserver > > > > > > what purpose does the internal firewall serve? just plug everything > > into one firewall and write rules accordingly > There is nothing wrong with having multiple layers of firewalls. It means > your haxor has several layers of security to beat - security through depth. More to the point, you can tell the inner firewall to do masquerading, while the outer wall does filter-only, so your office LAN is safe where the haxor can't even touch it until and unless he compromises the inner firewall (which you can hammer shut to Fort Knoxian levels without compromising accessibility) while the webserver (and maybe other servers as well as the need arises) are in the perimeter -- not as well defended, but accessible from the outside. > But you can just use iptables on your internal firewall as well. No point > learning new semantics :-) Other than the fact that it's fun. :) > Alex > www.bennee.com/~alex/ -- Rens Houben | opinions are mine Resident linux guru and sysadmin | if my employers have one Systemec Internet Services. |they'll tell you themselves PGP public key at http://suzaku.systemec.nl/shadur.key.asc -- new Dec 12 2001
Attachment:
pgp00087.pgp
Description: PGP signature
