Yes, you could definitely do a firewall on each server. Also, have you considered setting up a 4th machine between the Cisco and 3 servers? That could work also. You wouldn't make it a masq box, just configure it to pass packets based on the rules.
- James -----Original Message----- From: Alson van der Meulen [mailto:[EMAIL PROTECTED] Sent: Monday, October 22, 2001 6:58 AM To: Debian Security List Subject: Re: Firewall Related Question On Mon, Oct 22, 2001 at 12:44:03PM +0200, eim wrote: > I've got some simple questions related to using a Firewall on > some single pubblic Debian Boxes, I choose to post my questions > here because I've always securitty in mind during the Developing > time of my Network Services. > > Let me asume I've got a simple Network with 3 Pubblic Debian > Servers and 1 Cisco Router (Internet Gateway). > > The router belongs to my Connection ISP so I can't configure it, > but onlu use it for Internet connectivity. > > The 3 Debian Boxes are under my full control. > > The best way to protect my Debian Servers would be to install > a Firewall on my Gateway (Cisco Router) but actually I can't, > so my question is: Can I install a Firewall on each of my Debian > Boxes to filter/block incoming and outgoing Network Traffic ? > > Is this a good choice ? or should I put another machine in my > Network, between the Gateway and the Servers, which acts as Firewall ? You can just configure a packet filter on all your servers, the main disadvantage is that it's more difficult to administer -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]