Ubuntu with 2 Network cards.

Chan Chung Hang Christopher christopher.chan at bradbury.edu.hk
Sat Jun 5 03:28:45 UTC 2010


J wrote:
> On Fri, Jun 4, 2010 at 16:37, Maxime Alarie <malarie at processia.com> wrote:
> 
>> I have an Ubuntu server 9.1 server with 2 NICs. I would like to put one
>> NIC outside my firewall (public) and the other inside my firewall. Both NICs
>> won't be on the same subnet. Communications will be “impossible” between the
>> 2 interfaces. root can't ssh on this server as well.
> 
> I hope you mean THROUGH your firewall, not OUTSIDE your firewall.  I
> would NOT in any way, shape or form plug a server directly to the
> internet without a firewall between them, and that goes doubly so if
> you plan on having that machine ALSO connected to your internal
> network...

???

Linux is perfectly capable of protecting itself with a filtering 
firewall. So unless you have an application layer firewall in mind, I 
see absolutely no need to have a firewall in front of it. For a Windows 
server, I perfectly understand but to say that it is necessary for a 
Linux host takes it too far. I can understand putting a bridging 
firewall in front of a cluster of hosts so as to not have to manage 
firewall rules on all of them but that does not seem to be your argument 
and unnecessary when speaking of just a single host.


> 
> However, if you mean connecting THROUGH your firewall, then by all
> means, go for it.  That's how most places work... one connection goes
> through the world, one connection is for internal access (at least
> that's how every datacenter I've ever been in worked).
> 

You must have oodles of cash then. When I was an MTA admin for an outfit 
that then dealt with 200 million SMTP transactions daily, all my front 
line MX hosts took care of their firewalling. No money for an F5 nor was 
there anything that could handle the UDP traffic generated from the DNS 
traffic. The webservers, file servers and database servers were all 
behind bridging firewalls but not my babies and their DNS caches.
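
The host-local filtering discussed in this thread, sketched for the dual-homed server in the original question; this is an added example, not part of any poster's message. Assumptions not taken from the thread: `eth0` is the public NIC, `eth1` the internal one, the only public service is TCP/25, and the function names `gen_rules` and `check_rules` are made up for illustration.

```shell
#!/bin/sh
# Added example. Assumed, not from the thread: eth0 = public NIC,
# eth1 = internal NIC, one public service on TCP/25, SSH from inside only.

# Print an iptables-restore ruleset for <public_if> <internal_if> [public_port].
# Default-deny on INPUT and FORWARD: with no FORWARD rules at all, the host
# never passes packets between the two NICs.
gen_rules() {
    pub_if=$1 int_if=$2 pub_port=${3:-25}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $int_if -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $pub_if -p tcp --dport $pub_port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin; return 0 only if it still isolates the NICs:
# INPUT and FORWARD default to DROP, nothing is accepted in FORWARD,
# and SSH is not accepted on the public interface.
check_rules() {
    pub_if=$1
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' || return 1
    if printf '%s\n' "$rules" | grep -q '^-A FORWARD .*-j ACCEPT'; then
        return 1
    fi
    if printf '%s\n' "$rules" |
        grep -Eq "^-A INPUT .*-i $pub_if .*--dport 22 .*-j ACCEPT"; then
        return 1
    fi
    return 0
}

# Typical use, as root:
#   gen_rules eth0 eth1 | check_rules eth0 && gen_rules eth0 eth1 | iptables-restore
#   sysctl -w net.ipv4.ip_forward=0      # kernel-level: do not route between NICs
# and in /etc/ssh/sshd_config:  PermitRootLogin no
```

Running `check_rules` against the output of `iptables-save` after later edits catches a FORWARD accept or a public SSH rule that slipped in.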



