Re: [Sheflug] Firewall stuff
> Why the clucking bell would people be running X, httpd or smbd on
> a firewall ?
> Or are you talking about 1 machine here? i.e. one box connected
> to the outside world.
Well in my case, yes ... :) It depends how you have your firewall set up. It's
good practice to have everything else sitting on another box, but there's
nothing to stop you sticking everything on one box :)
I (probably mistakenly) view it as: if they break through the firewall, it
doesn't matter what you've got on your internal network :) If it's been done
on your master firewall, it can be done again ... especially if other boxes
are running the same OS at the same rev level.
A small house network may also have everything on one box, with the firewall
acting as the house "server"...which is what the original post seems to
imply. But without knowing for certain the application...
>
> Why oh why do people do this and take up resources on a
> machine that simply forwards/filters packets...
Not much resources ... if X isn't doing anything it'll be swapped out eating
little or no CPU. Unless there's an OpenGL xlock running on it :)
It's another potential security hole, but packet filtering isn't a huge
memory or CPU hog (though this depends on the connections to it; certainly
our 486 firewall at work isn't pushed with a 10Mbps in and 64k ISDN out).
Chris...
--
Chris Johnson \ "If not for me then, do it for yourself. If not
sixie@nccnet.co.uk \ for then do it for the world." -- Stevie Nicks
www.nccnet.co.uk/~sixie/ ~---------------------------------------+
Redclaw chat - http://redclaw.org.uk - telnet redclaw.org.uk 2000 \______
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk