On Sat, Jul 16, 2011 at 2:01 PM, Drew drew.kay@gmail.com wrote:
> > > That being said, one should *never* create a firewall with only one NIC! It is highly unsafe.
> > So I shouldn't run a firewall on any of my hundreds of single-NIC instances?
> I think he's referring to the standard router/firewall scenario where the server is an internet gateway for a network. There I'd consider a single-interface system as inherently insecure.
>
> -- Drew
>
> "Nothing in life is to be feared. It is only to be understood." --Marie Curie
Well, there's no real reason why a single-NIC firewall should be insecure. We're all referring to a normal PC (or even server) with CentOS installed on it, not a commercial firewall.

If you set up different IP subnets on the same NIC and route between them, the same way as between 2 NICs, then you'll still have the same level of firewalling. And I'm sure you could set up VLANs on the switch for the different IP subnets to make it more secure as well.

The one place where this is commonly used is with a PPPoE ADSL switch, where the ADSL "firewall" establishes the PPPoE connection and then shares the internet with the LAN as well, using the same ADSL modem's wifi connection.