
List:       linux-poweredge
Subject:    RE: Firewall cards for PE 2650?
From:       "codefit" <support () codefit ! com>
Date:       2004-03-31 20:52:43
Message-ID: OOELKJJGOKBCKBCNLHKFOEMOENAA.support () codefit ! com

Thanks Mark,

I'm just talking about installing a firewall card into one server
at a co lo facility, to protect that one server, not an entire rack
or network.

Would installing a card into that one server to place that server
behind a firewall (for that one server)
be feasible, or practical?

Or should I just go with IP tables and just do a
software firewall for that server instead? Are there any
big advantages with going with hardware as opposed to
software firewalls in this scenario?




-----Original Message-----
From: linux-poweredge-admin@dell.com
[mailto:linux-poweredge-admin@dell.com]On Behalf Of Mark Watts
Sent: Wednesday, March 31, 2004 10:53 AM
To: codefit; linux-poweredge@dell.com
Subject: Re: Firewall cards for PE 2650?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> > Hardware firewalls are nothing more than some network cards and some
> > firewall software (often Linux/IPTables) to glue the cards together.
> >
> > Ergo, there is no such thing as a 'firewall' card. Rather, you use
> > Linux/IPTables on a regular PC/Server to glue together some normal
> > network cards.
> >
> > Mark.
> 
> Thanks Mark,
> 
> I'm reading up on IP tables this week.  So if I can set up IP tables
> correctly then is there really no need for a hardware firewall device?
> Is it redundant?

Not all hardware firewalls run Linux/IPTables.
In addition to this, a dedicated hardware firewall often takes up far less
space than a general purpose server with firewalling software, and is
probably a lot quieter and draws less power.

A Linux box will probably be running a bunch of services that you don't
need/want on a firewall anyway.

If you really wanted a linux-based firewall in a small form factor, you
could do worse than to build a custom box based on the Via Mini-ITX format.
These have plenty of power and often have as many as 3 NICs built in which
makes them ideal for low cost servers.

As has already been mentioned, there are some advanced network cards
available (notably from 3Com) which provide some policy based facilities,
although since these (IIRC) need to be running on Windows, you don't really
gain much.


As an aside, it's usually good practice to use more than one vendor for your
firewalls so that you don't get affected by the same bug on all your
devices.

Mark.

- --
Mark Watts
Senior Systems Engineer
QinetiQ TIM
St Andrews Road, Malvern
GPG Public Key ID: 455420ED

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAaulRBn4EFUVUIO0RAhpDAJ0RPqvbb7cDL6SmDz5xg4LFg0isCACgzIBe
RMdp6Vo1Y735BIKnETiL59M=
=Gynh
-----END PGP SIGNATURE-----


_______________________________________________
Linux-PowerEdge mailing list
Linux-PowerEdge@dell.com
http://lists.us.dell.com/mailman/listinfo/linux-poweredge
Please read the FAQ at http://lists.us.dell.com/faq or search the list
archives at http://lists.us.dell.com/htdig/

