
Re: [opensource-62] 2 network queries

From: hhernandez
Sent on: Wednesday, March 4, 2015, 7:26 AM
Physical separation is "more secure"; however, depending on your needs, VLANs will work just fine. If you want, you can even make the default gateway for each VLAN the firewall, so that any inter-VLAN routing must pass through it.

You would want your firewall to be separate from your other servers. Remember, a server has open ports to allow people to access its services (i.e. web, mail, DNS). These ports can at times be exploited. A firewall, on the other hand, is a pass-through device. It is not offering services via open ports, but filtering what traffic is allowed to your servers. You do not want the device that controls access to your system to be offering up connections to itself from untrusted sources.

Sent from my iPhone

On Mar 4, 2015, at 2:23 AM, mowgli <[address removed]> wrote:

  1. are VLANs as secure as using 2 separate switches for each LAN?  the LANs in this case are a wired, internal LAN & a wireless, public LAN.
  2. you guys once told me to use a separate box as my firewall from the server itself.  so if my servers are hosted at linode,
    1. should i fire up a 3rd linode to function purely as my firewall for the other server linodes?  or just config firewall on each server is same benefit?
    2. if a sep fw linode is better, is a basic linode fine or does it need some hefty RAM/CPU capacity to prevent latency & bottlenecks for the servers?  i imagine the basic linode pkg is fine since the fw linode is just passing/rejecting packets based on fw rules.
    3. does linode have a fw feature of some kind for exactly this purpose so that i dont have to run a sep linode just for the fw?
thanx!

should we make the mtg this sat all things fw?  if so i can submit my crappy fw for exhaustive review/reprimand/rectumfication.



