> Think about it. Is there *ever* a need for a database
> server that powers a website to be accessible from the public Internet?
> Probably not.

Hello, here is a case: a web server accesses an in-house SQL server that contains proprietary code and hardware too sensitive to be left sitting in a cage in some colo. NAT / Firewall (hope I'm using the terminology correctly here) has a port forwarded to the database server, with access allowed only from the web server's IP.

I'm reading this thread because I want to know what the dangers are with NAT etc. The conversation is interesting, but I would like a more in-depth explanation of why some are saying that NAT is not a good way to protect a network, and it would be good to know how a NAT firewall could be hacked, if Shorewall is secure enough to be used in the above scenario, what configuration mistakes to look out for with Shorewall, and especially, in much more detail, the answers to this question:

> What's the difference, security wise between :
> DNAT net loc:a.b.c.d
> and
> ALLOW net loc:a.b.c.d
> assuming you have a default policy net->loc of drop ?

Thanks
-J

(Tried to make this more readable for you by putting carriage returns after each line, hope that doesn't make it worse)
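
For the setup described in this message (a forward to the database server that should be reachable only from the web server's IP), one configuration mistake worth checking for is a rule whose SOURCE column names the whole `net` zone. The following is an added example, not part of the original post and not Shorewall's own code; the sample rules, addresses and the database port list are constructed assumptions.

```python
import re

# Assumption: default ports for MSSQL, MySQL and PostgreSQL; adjust to your servers.
DB_PORTS = {"1433", "3306", "5432"}

# Constructed sample in Shorewall rules-file layout (documentation address ranges).
SAMPLE_RULES = """\
#ACTION  SOURCE            DEST               PROTO  DPORT
DNAT     net               loc:192.168.1.10   tcp    1433
DNAT     net:203.0.113.25  loc:192.168.1.10   tcp    1433
ACCEPT   net               loc:192.168.1.11   tcp    3306
ACCEPT   net:203.0.113.25  loc:192.168.1.11   tcp    3306,22
ACCEPT   net               loc:192.168.1.12   tcp    80
"""

def audit_rules(text, untrusted_zone="net"):
    """Return (line number, action, dest, ports) for each DNAT/ACCEPT rule that
    opens a database port to the entire untrusted zone, i.e. with no host or
    subnet after the zone name in SOURCE. Port ranges (a:b) are not expanded."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        cols = line.split()
        if len(cols) < 5:                        # need ACTION..DPORT
            continue
        action, source, dest, _proto, dport = cols[:5]
        action = re.split(r"[:(]", action)[0]    # strip log level / parameters
        if action not in ("DNAT", "ACCEPT"):
            continue
        zone, _, hosts = source.partition(":")
        if zone not in (untrusted_zone, "all"):
            continue
        exposed = DB_PORTS & set(dport.split(","))
        if exposed and not hosts:                # no source restriction at all
            findings.append((lineno, action, dest, sorted(exposed)))
    return findings

if __name__ == "__main__":
    for lineno, action, dest, ports in audit_rules(SAMPLE_RULES):
        print(f"line {lineno}: {action} exposes {dest} port(s) {ports} to all of net")
```
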
