My departmental servers already sit behind two firewalls (not managed by me) that are to protect us from the "outside."...
While this seems like it should be enough, I would like to further segregate/protect my (Win NT 4.0) servers from the other (200+) departments that also sit behind the two firewalls. I keep hearing about how simple it is to take an old (for example 266 MHz) Pentium desktop, throw Linux on it and you have a firewall. My question, however, has to do with "load bearing" and physical connectivity. Should I put just one Linux box in front of say six servers, or do I have one Linux box per server? I don't quite understand how just one Linux box could handle all the traffic going to all the NT servers.
First, there is a little more than just putting Linux on a Pentium box to make a firewall. You will also need some firewall software to do either proxies, port-filtering or both.
As for the load, a lot depends on the bandwidth of the data. Are you running these six servers on a 10MB Ethernet? 100MB? Connected by fiber? The more bandwidth, the more data that has to be processed by the firewall. The firewalls have a lot less processing to do than the servers, so generally a 266 MHz Pentium could serve more than one server. However, you'll have to experiment to determine exactly how many. Or, you can hire a network engineer who can do the calculations to figure it out in advance.