On Sun, 31 Jul 2005, /dev/rob0 wrote:

> Timothy Patterson wrote:
>> I currently have NAT set using masquerading to allow internet access
>> from all of our internal computers on the network. My problem is that I
>> am also trying to run Apache on the box that is doing the NAT
>> translation rules. Is it possible to run a web server on the same box
>> that is performing the translations?
>
> Of course.
>
>> If so, could someone give me a quick example on how to accomplish
>
> Restrict SNAT by interface. Only do it for clients on the LAN.
>
>> this? I've tried googling for this, but I have not found any pertinent
>> results.
>
> The NAT HOWTO?

Doable, but not advised. A firewall should be single purpose; most servers
should be single purpose where possible. But then this is not often the
case. But a firewall certainly should be a single purpose system, much
like a router is; they do similar work anyways.

Putting a web server on the firewall makes the firewall and the whole
internal network subject to any issues that the web services now face,
plus you now have to allow another set of ports/protocols directly to the
system and not merely passing by or through it. A web server would
preferably run on a system in the DMZ, and if not heavily trafficked can run
well on an old cheap PC.

To state this in another way: just because something is possible does not
mean it should be done, or is the preferred way of doing things.

Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
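
The two points made in this thread (restrict SNAT by interface to LAN clients, and a web server on the firewall means opening its port directly on the box), as an added example that is not part of the original messages. The function name `nat_ruleset`, the interface names and the LAN prefix are assumptions; the output is in `iptables-restore` format.

```shell
#!/bin/sh
# Added example: emit a ruleset for a box that masquerades for the LAN
# and also runs a web server itself. All names are illustrative.

nat_ruleset() {
    wan_if=$1
    lan_if=$2
    lan_net=$3
    if [ -z "$wan_if" ] || [ -z "$lan_if" ] || [ -z "$lan_net" ]; then
        echo "usage: nat_ruleset WAN_IF LAN_IF LAN_CIDR" >&2
        return 2
    fi
    # If both sides share an interface, masquerading cannot be scoped.
    if [ "$wan_if" = "$lan_if" ]; then
        echo "WAN and LAN interface must differ" >&2
        return 1
    fi
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Masquerade only LAN-sourced packets leaving through the WAN interface.
# Traffic generated by the box itself (Apache replies) is left untouched.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The local web server is reached via INPUT, not via NAT. This is the
# extra port exposed on the firewall itself; nothing else is opened
# (admin access, e.g. SSH from the LAN, is deliberately not included).
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# LAN clients may go out; only replies are forwarded back in.
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
```

Reviewing the output of `nat_ruleset eth0 eth1 192.168.1.0/24` before piping it to `iptables-restore` shows exactly one service port accepted on the firewall itself.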