[CentOS] firewall?

Sat Jul 16 12:18:33 UTC 2011
Rudi Ahlers <Rudi at SoftDux.com>

On Sat, Jul 16, 2011 at 2:01 PM, Drew <drew.kay at gmail.com> wrote:
>>> That being said, one should *never* create a firewall with only one NIC!
>>> It is highly unsafe.
>>
>> So I shouldn't run a firewall on any of my hundreds of single nic
>> instances?
>
> I think he's referring to the standard router/firewall scenario where
> the server is an internet gateway for a network. There I'd consider a
> single interface system as inherently insecure.
>
>
> --
> Drew
>
> "Nothing in life is to be feared. It is only to be understood."
> --Marie Curie

Well, there's no real reason why a single NIC firewall should be
insecure. We're all referring to a normal PC (or even server) with CentOS
installed on it, not a commercial firewall.

If you set up different IP subnets on the same NIC and routing between
them, the same way as between 2 NICs, then you'll still have the same
level of firewalling. And I'm sure you could set up VLANs on the
switch for the different IP subnets to make it more secure as well.

The one place where this is commonly used is with a PPPoE ADSL switch
where the ADSL "firewall" establishes the PPPoE connection and then
shares the internet to the LAN as well using the same ADSL modem's
wifi connection.


-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
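
The single-NIC layout discussed in this message, with each subnet on its own 802.1Q VLAN sub-interface, written as a generator for an iptables-restore ruleset. This is an added example, not part of the original post; the interface names eth0.10 (WAN) and eth0.20 (LAN) and the SSH-from-LAN management rule are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a single-NIC gateway
# whose WAN and LAN sides are separate VLAN sub-interfaces (names assumed).

# An IP alias label (eth0:1) is not a separate device, so iptables -i/-o
# cannot tell its traffic apart. A VLAN sub-interface (eth0.10) is a device.
is_alias() {
    case "$1" in
        *:*) return 0 ;;
        *)   return 1 ;;
    esac
}

# gen_rules WAN_IF LAN_IF : prints the ruleset, returns 1 on unusable input
gen_rules() {
    wan_if=$1
    lan_if=$2
    if [ -z "$wan_if" ] || [ -z "$lan_if" ]; then
        echo "usage: gen_rules WAN_IF LAN_IF" >&2
        return 1
    fi
    if is_alias "$wan_if" || is_alias "$lan_if"; then
        echo "alias labels cannot be matched with -i/-o" >&2
        return 1
    fi
    if [ "$wan_if" = "$lan_if" ]; then
        echo "WAN and LAN must be different devices" >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -p tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
COMMIT
EOF
}
```

To load the result, pipe it into iptables-restore as root, for example `gen_rules eth0.10 eth0.20 | iptables-restore`. The switch port facing the NIC has to carry both VLANs tagged for the separation to hold at layer 2.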