Firewall Configuration Question... Is this possible?
jengelh at linux01.gwdg.de
Tue Aug 2 08:26:06 CEST 2005
> doable, but not adised, a firewall should be single purpose, most servers
> should be single purpose where possible. But then this is not often the case.
> But a firewall certainly should be a single purpose system much like a router
> is, they do similair work anyways.
Having many servers has two disadvantages: Power consumption and
administration expense (you gotta install and upgrade each of them).
A "service split" [for load balance] is not bad, but you can also overdo it.
> putting a web servers on the firewall makes the firewall and the whole internal
> network subject to any issues that the web services now face, plus you now have
> to allow naother set of ports/protocols directly to the system and not merely
You don't run a webserver with root.
More information about the netfilter