creating a DMZ -- seeking firewall advice

Gabriel Gunderson gabe at gundy.org
Tue Mar 8 13:25:07 MST 2005


On Tue, 2005-03-08 at 10:49 -0700, Ryan Byrd wrote:
> so our small business is becoming a medium-sized business and we are
> planning on switching from a bunch of servers running iptables to a
> more enterprise layout with a couple of hardware firewalls creating a
> DMZ for our webservers.

You can't beat the flexibility of iptables and Linux.

> Any advice? I heard that Cisco PIX firewalls are industry standard for
> this type of thing. Anyone have any experience with those? Is there a
> less expensive but equally as robust firewall?

Hardware is your big concern here.  Just avoid moving parts and heat as
much as possible.  I have a 486 with an 800 meg hard drive that I end
up rebooting about once a year.  I just run a script which locks the box
down and sets up iptables.  If that box ever failed, I could have a
replacement up within 30 mins.  In time I'll find something without a
hard drive but it's not that urgent now.

You will spend a little time learning iptables (as you will with IOS)
but you will take the scripts that you develop and the things you learn
with you.  When you outgrow your PIX, you'll just buy a new one.  I like
investing in myself not hardware.

Gabe

> ideas?
> 
> mrb
