Hello Simon, [EMAIL PROTECTED] wrote:
>
> now what i want to know is.
>
> 1) any special considerations need to be taken while setup of the firewall
> rules for utmost security n speed

Here are a few ideas that come to mind.

a) Don't allow ANY connections to the firewall from the net. Administer the firewall from its console or from systems behind it. Restrict which systems can connect to it.

b) Allow only the outbound traffic from the server that is essential to its operation.

c) Use a minimum of rules (for speed).

d) Configure the firewall with FASTACCEPT=Yes (again, for speed).

e) Configure Shorewall to start before the network interfaces are brought up. That means that you cannot use any Shorewall feature that requires interfaces to be UP when Shorewall starts. This avoids momentary "holes" during boot up of the firewall.

>
> 2)is it better to host the server on a private Ip for security instead of
> public IP and do the nat on shorewall firewall n will it effect the speed
> ??

If the firewall is administered properly, there should be no additional security offered by NAT. On the other hand, NAT offers protection in the event that the firewall is accidentally opened. I don't believe that the effect on speed is significant but then I haven't measured it either. So long as you have fast enough Firewall hardware, it shouldn't matter anyway.

Hopefully other list readers have additional suggestions for you.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ [EMAIL PROTECTED]
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
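Points a), c) and d) of the reply above can be checked mechanically against a configuration. The following is an added example, not part of the original post or of Shorewall itself: it audits the text of a `shorewall.conf` and a `rules` file. The sample file contents are constructed, and the zone names `net`, `loc`, `dmz` and `$FW` are assumptions taken from Shorewall's usual sample layouts.

```python
# Constructed sample files (not from the post). Zone names net/loc/dmz and $FW
# are assumptions that follow Shorewall's usual sample configurations.
SAMPLE_CONF = """\
STARTUP_ENABLED=Yes
FASTACCEPT=No
"""

SAMPLE_RULES = """\
#ACTION      SOURCE            DEST    PROTO   DPORT
?SECTION NEW
ACCEPT       net               $FW     tcp     22
ACCEPT       loc:192.168.1.5   $FW     tcp     22
ACCEPT       net               dmz     tcp     80,443
ACCEPT       dmz               net     udp     53
"""

def conf_value(conf_text, key):
    """Return the value of KEY=value from shorewall.conf text, or None."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(key + "="):
            return line.split("=", 1)[1].strip().strip('"')
    return None

def parse_rules(rules_text):
    """Yield (action, source, dest) per rule, skipping comments and directives."""
    for line in rules_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("?") or line.upper().startswith("SECTION"):
            continue
        cols = line.split()
        if len(cols) >= 3:
            yield cols[0], cols[1], cols[2]

def audit(conf_text, rules_text, fw_zone="$FW", net_zone="net"):
    """Return (rule count for point c, findings for points a and d)."""
    findings = []
    rules = list(parse_rules(rules_text))
    if (conf_value(conf_text, "FASTACCEPT") or "No").lower() != "yes":
        findings.append("d) FASTACCEPT is not set to Yes")
    for action, source, dest in rules:
        from_net = source.split(":", 1)[0] in (net_zone, "all")
        to_fw = dest.split(":", 1)[0] == fw_zone
        if "ACCEPT" in action.upper() and from_net and to_fw:
            findings.append(f"a) {action} {source} -> {dest} admits the net to the firewall")
    return len(rules), findings

if __name__ == "__main__":
    count, findings = audit(SAMPLE_CONF, SAMPLE_RULES)
    print(count, "rules;", *findings, sep="\n")
```

The rule from `loc:192.168.1.5` to `$FW` is not flagged: it is the pattern point a) recommends, administration from a single named system behind the firewall.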
