On Mon, 21 Jul 2003, Ansgar Wiechers wrote:

> On 2003-07-19 [EMAIL PROTECTED] wrote:
> > I have a second desktop and I would like to host http, ftp, smtp,
> > and mysql servers. This second desktop must route my traffic from my
> > first desktop and be used as a firewall. It will be a heterogeneous
> > network because I think it's better to host servers on a Linux OS; my
> > first desktop is a multi-OS XP - redhat system.
> >
> > I have the following questions:
> > Are there any problems with hosting a webserver on the firewall?
>
> Yes. Do not run servers on firewalls. Just don't. Every service allowing
> inbound connections which runs on your firewall adds a potential
> security breach.

This is the ideal case; however, for smaller networks a server/firewall may
be the only practical route. A stateful firewall (such as pf or iptables)
with all incoming ports blocked except port 80 for httpd, and an
administrator who keeps on top of patches can still be reasonably secure.
As you said, running minimal services is very important. And this is
better than just port-forwarding port 80 to an insecure box on a private
network, IMO. If the firewall runs NAT too, you can put a router and
desktop firewalls inside the network for paranoia and do remote backups of
the web server from there. :)

> > I can't buy a dedicated firewall...
>
> Depends. Small routers (e.g. from Netgear) aren't *that* expensive and I
> don't assume you are going to need a Cisco or something for your private
> LAN. What kind of connection do you have?

Personally, those cheap (sub $100) routers make me nervous... at least
with a software firewall you know what you've got and can keep it patched.

-- Kelly Martin <[EMAIL PROTECTED]>
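
The combined server/firewall setup discussed in this message (stateful filtering, every inbound port dropped except 80, NAT for the inside network), written out as an added example that is not part of the original thread. The function name `gen_ruleset` and the interface names are assumptions; the output is in `iptables-restore` format.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a host that is both
# the web server and the NAT firewall. Assumes the box is administered from
# its console, so no management port is opened.

gen_ruleset() {
    wan_if=$1   # Internet-facing interface (assumed name, e.g. eth0)
    lan_if=$2   # private LAN interface (assumed name, e.g. eth1)

    # Refuse anything that is not a plain interface name before it is
    # interpolated into the rules.
    for ifname in "$wan_if" "$lan_if"; do
        case $ifname in
            ""|*[!A-Za-z0-9._-]*)
                echo "invalid interface name: '$ifname'" >&2; return 1 ;;
        esac
    done
    [ "$wan_if" != "$lan_if" ] || { echo "WAN and LAN must differ" >&2; return 1; }

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, plus replies to connections this host started
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The only listening service that may be reached: httpd on port 80
-A INPUT -p tcp --dport 80 --syn -m conntrack --ctstate NEW -j ACCEPT
# LAN hosts may open connections outward; the WAN side gets replies only
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Hide the private network behind the firewall's public address
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset when called as: script WAN_IF LAN_IF
if [ "$#" -eq 2 ]; then
    gen_ruleset "$1" "$2"
fi
```

Piping the output through `iptables-restore --test` checks the syntax without loading the rules.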
