Unbuntu with 2 Network cards.
Chan Chung Hang Christopher
christopher.chan at bradbury.edu.hk
Sat Jun 5 03:28:45 UTC 2010
> On Fri, Jun 4, 2010 at 16:37, Maxime Alarie <malarie at processia.com> wrote:
>> I have a Ubuntu server 9.1 server with 2 nics. I would like to put one
>> Nic outside my firewall (public) and the other inside my firewall. Both nics
>> wont be on the same subnet. Communications will be “impossible” between the
>> 2 interfaces. root cant ssh on this server as well..
> I hope you mean THROUGH your firewall, not OUTSIDE your firewall. I
> would NOT in any way, shape or form plug a server directly to the
> internet without a firewall between them, and that goes doubly so if
> you plan on having that machine ALSO connected to your internal
Linux is perfectly capable of protecting itself with a filtering
firewall. So unless you have an application layer firewall in mind, I
see absolutely no need to have a firewall in front of it. For a Windows
server, I perfectly understand but to say that it is necessary for a
linux host takes it too far. I can understand putting a bridging
firewall in front of a cluster of hosts so as to not have to manage
firewall rules on all of them but that does not seem to be your argument
and unnecessary when speaking of just a single host.
> However, if you mean connecting THROUGH your firewall, then by all
> means, go for it. That's how most places work... one connection goes
> through the world, one connection is for internal access (at least
> that's how every datacenter I've ever been in worked).
You must have oodles of cash then. When I was an MTA admin for an outfit
that then dealt with 200 million smtp transactions daily, all my front
line mx hosts took care of their firewalling. No money for an F5 nor was
there anything that could handle the udp traffic generated from the dns
traffic. The webservers, file servers and database servers were all
behind bridging firewalls but not my babies and their dns caches.
More information about the ubuntu-users