Setup A: > > > > [ (nic2) ] <----> [ (nic3) H2 ] > > > > Internet <----> [ (nic1) H1 ] > > > > [ (nic4) ] <----> [ (nic5) H3 ] > > > > [ (nic6) H4 ] etc.
Setup B: > > > Internet <---> [nic1 H1 nic2] <---> [nic3 H2 nic4] <---> H3,H4,H5 ... > > Why having 2 firewalls? [...] > > You probably don't comprise a server by finding a flaw in the > firewall, you do it by finding a flaw in one of the sevices it runs > and exploit that. Sendmail, nfs or whatever. > > By having a dedicated firewall that does nothing but firewall, i.e. > running no other services, you cut off the ability for someone to hack > the box. > Yes, I understand that all right; as said previously, no services are effectively running on H1: connections are forwarded to H2. > You run the second firewall on the box to keep people from poking > where they shouldn't. For example, maybe a new blaster-xp worm comes > into your office via an e-mail attachment and starts hammering every > computer it can find. The firewall on H2 will offer protection. > But my question was: how is setup B more secure than setup A? The more so that you said above that the firewall *itself* can't usually be compromised. Unless I'm confused, H1 in setup A can offer the same protection (in the scenario of a virus attack from e.g. H3) to the services running on H2 as a second firewall running on H2 itself. In fact neither setup A nor setup B can protect the internal network (H3, etc.) from such a situation; which is probably one of the reasons for your last suggestion: > [...] put up firewalls on every > computer in the office, Of course, if there is a fw on every end-user machine, it doesn't make much sense to discuss how to avoid putting one more on the main server ;-) Thanks, Gilles _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
