Hello,
On Tue, 17 Jul 2001, James O'Kane wrote:
> On Tue, 17 Jul 2001, Julian Anastasov wrote:
> > You are using too restrictive rules, do you really need them?
> >
> > The LVS users that use Linux 2.2 are not powered with such firewall
> > rules but you can build secure setup even with simple rules. In some
> > cases even without firewall rules :)
>
> I've had and seen friend's machines cracked too often to want to deal with
> want to err on the side of too restrictive and then open things as
> needed. This machine will be my main firewall as well. I have a very small
> setup, and lvs is probably overkill and I could probably do everything I
> need with just iptables, but I wanted to start using it from the start.
> So far, mixing realservers and plain workstations behind my
> firewall/director works. Is there any good reason to add an eth2 and put
> them on different subnets? I have around 10 machines including the
> firewall, realservers and desktops.
Yes, sometimes splitting the net is required but I don't know
your needs. Planning and building a firewall and routing takes time.
For LVS you need to filter the incoming traffic in LOCAL_IN (like
in Linux 2.2) and the outgoing NAT traffic in FORWARD. This is different
from Netfilter.
> thanks
> -james
Regards
--
Julian Anastasov <ja@xxxxxx>
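
Added example, not part of the original message or of the LVS project: a default-deny rule set laid out the way the reply describes, with the virtual service filtered in INPUT (LOCAL_IN) and the realserver replies filtered in FORWARD. It assumes an LVS-NAT director; the function name, addresses, port and interface names are constructed, and the script only prints the iptables commands so they can be reviewed before use.

```shell
#!/bin/sh
# Added example: prints (does not apply) a default-deny iptables rule set for
# an LVS-NAT director. All addresses and interface names are constructed.

# lvs_nat_rules VIP PORT EXT_IF INT_IF RIP...   (hypothetical helper)
lvs_nat_rules() {
    vip=$1
    port=$2
    ext_if=$3
    int_if=$4
    shift 4

    # Start restrictive, then open only what the virtual service needs.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"

    # Client -> VIP: LVS picks these packets up in LOCAL_IN, so the virtual
    # service is filtered in INPUT, not in FORWARD.
    echo "iptables -A INPUT -i $ext_if -d $vip -p tcp --dport $port -j ACCEPT"

    for rip in "$@"; do
        # Realserver -> client replies (the outgoing NAT traffic) cross
        # FORWARD; they are matched here by realserver source address.
        echo "iptables -A FORWARD -i $int_if -o $ext_if -s $rip -p tcp --sport $port -j ACCEPT"
    done
}

# Constructed sample: one virtual web service, two realservers.
lvs_nat_rules 192.0.2.10 80 eth0 eth1 10.0.0.11 10.0.0.12
```

Desktops sharing the inside subnet with the realservers would need their own FORWARD rules; nothing above opens traffic for them.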