My departmental servers already sit behind two firewalls (not managed by me), that are to protect us from the "outside."...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
While this seems like it should be enough, I would like to further segregate/protect my (Win NT 4.0) servers from the other (200+) departments that also sit behind the two firewalls. I keep hearing about how simple it is to take an old (for example 266Mhz) Pentium desktop, throw Linux on it and you have a firewall. My question, however, has to do with "load bearing" and physical connectivity. Should I put just one Linux box in front of say six servers, or do I have one Linux box per server? I don't quite understand how just one Linux box could handle all the traffic going to all the NT servers.
First, there is a little more than just putting Linux on a Pentium box to make a firewall. You will also need some firewall software to do either proxies, port-filtering or both.
As for the load, a lot depends on the bandwidth of the data. Are you running these six servers on a 10MB Ethernet? 100MB? Connected by fiber? The more bandwidth, the more data that has to be processed by the firewall. The firewalls have a lot less processing to do than the servers, so generally a 266Mhz Pentium could serve more than one server. However, you'll have to experiment to determine exactly how many. Or, you can hire a network engineer that can do the calculations to figure it out in advance.
Dig Deeper on Security Resources
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.