[K12OSN] Router?

Burke Almquist balmquist at mindfirestudios.com
Wed Jul 7 15:30:34 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The two network interfaces are handled differently by default, thus you 
allow pretty much all traffic on the LAN  card while being pretty 
restrictive on the WAN card.  To me, the decision to use or not use an 
external device boils down to your comfort level configuring iptables 
versus your router. (Or if you are really paranoid and want one more 
device between your server and the world.)

On Jul 7, 2004, at 8:32 AM, Petre Scheie wrote:

> I would opt for using the D-Link router between your server and the 
> cable modem, to provide some simple firewalling between your server 
> and the internet.  Yes, the server has firewalling built-in, via 
> iptables, but considering all the uses the server has, it requires 
> that a number of ports be open so the clients can talk to it.  
> However, there's no reason for these ports to be open to the internet 
> side.  And yes, you can control that, too, through iptables, but it 
> means you have to control all that through iptables.  With the D-Link 
> router in there, you set it to allow no in-bound connections, or 
> perhaps just port 22 so you can ssh in for admin purposes.  Some 
> people, like me, even run *another* router/firewall in there to create 
> a real DMZ for web servers and the like. That way none of your 
> internal boxes is accessible from the outside world except those web 
> servers that you want to be accessible.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iEYEARECAAYFAkDsFxsACgkQfqZR3ThMfXR/pQCdEhmr1UkyNIqq6wfcTT+SEfcG
ixYAn11TpJ3sOtd+Bd8WmqIhSCdSwt0Y
=JlPy
-----END PGP SIGNATURE-----
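
The per-interface policy discussed in this thread, as an added example that is not part of the original messages: a shell function that emits an `iptables-restore` ruleset allowing all traffic on the LAN card and only inbound SSH on the WAN card, plus a small audit helper that reports what a ruleset accepts on a given interface. The interface names `eth0`/`eth1`, the function names, and the choice to drop forwarded traffic are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Assumed layout: $1 = LAN-facing card, $2 = WAN-facing card.

# Print an iptables-restore ruleset: permissive on LAN, restrictive on WAN.
gen_ruleset() {
    lan_if=${1:-eth0}   # assumed LAN interface name
    wan_if=${2:-eth1}   # assumed WAN interface name
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -j ACCEPT
-A INPUT -i $wan_if -p tcp --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Audit helper: read a ruleset on stdin and print what INPUT accepts on
# interface $1, one entry per rule: a TCP/UDP port number, or ALL when the
# rule has no --dport restriction.
wan_open_ports() {
    awk -v ifc="$1" '
        $1 == "-A" && $2 == "INPUT" {
            in_if = ""; port = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i")      in_if  = $(i + 1)
                if ($i == "--dport") port   = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (in_if == ifc && target == "ACCEPT")
                print (port == "" ? "ALL" : port)
        }'
}

# Usage (as root):  gen_ruleset eth0 eth1 | iptables-restore
# Review first:     gen_ruleset eth0 eth1 | wan_open_ports eth1
```

Running the audit helper against the WAN interface before loading the rules confirms that only the intended port is reachable from the internet side.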




