[CentOS] firewall?

[Rudi Ahlers]

On Sat, Jul 16, 2011 at 2:44 PM, Ljubomir Ljubojevic <office at plnet.rs> wrote:
>
> But if you have public network passing through local area switch, then
> there is possibility o hackers using lower network layers to access
> unprotected PC's on that local network. Not long-distance hackers, but
> in case of physical presence outside of your network they could assign
> virtual IP to the MAC addresses of your PC's and access it directly that
> way, not to mention danger of PC's bypassing your one-NIC firewall and
> unsafely connecting to the outside.
>
> Ljubomir
> _______________________________________________




"local hackers" is a matter all on it's own :) I have seen many cases
on clients networks where they use an expensive commercial firewall
(brand doesn't matter here, but let's say for example Cyberoam, Cisco,
HP etc) and still have problems with "hackers on the local LAN" cause
they didn't think of setting up propper security on the LAN as well.



The fact is, you can use a Linux firwall with a single NIC, as long as
you use different IP subnets and strong iptables rules to filter
traffic properly between the 2 subnets.

another scenarion where this is used more and more these days is with
virtualization, where you won't have different NIC's for each virtual
server on the same physical server. The only way to firewall that
traffic is to use iptables and VLAN's.
And many many hosting companies use virtual hosting for their clients.

-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532