OK, I don't advertise that I'm the "know-it-all" when it comes to security,
and in the State of Nevada (USA) I'm not allowed to advertise as a
"security consultant" without a special license from the Private
Investigator's License Board.
I have a firewall running on 2.4.18 (Red Hat 7.3/Valhalla with updates)
which is (on an experimental basis) doing port-number-based forwarding to a
Web server. The idea is that the Web server is *not* directly on the 'Net,
but is instead behind a firewall that steers incoming traffic to it on two
specific ports: 80 and 443. (Yes, I installed the slapper on the Web
server.) This was done using IPTABLES.
I've also been experimenting with the traffic limiting capabilities, as one
co-locate provider offers discounts for guaranteed lower bandwidth
utilization, so by limiting the bandwidth using IPTABLES I should be able
to cut my co-lo costs to 1/3 of what they would be with "unlimited" bandwidth.
I've worked with the PIX, and I don't see what I'm missing in features
between the PIX and Linux/IPTABLES. I'm sure there is something. Please
amplify on your comments.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/