Ask the Expert

Load bearing for Linux firewalls

My departmental servers already sit behind two firewalls (not managed by me), that are to protect us from the "outside." While this seems like it should be enough, I would like to further segregate/protect my (Win NT 4.0) servers from the other (200+) departments that also sit behind the two firewalls. I keep hearing about how simple it is to take an old (for example 266Mhz) Pentium desktop, throw Linux on it and you have a firewall. My question, however, has to do with "load bearing" and physical connectivity. Should I put just one Linux box in front of say six servers, or do I have one Linux box per server? I don't quite understand how just one Linux box could handle all the traffic going to all the NT servers.


    Requires Free Membership to View

First, there is a little more than just putting Linux on a Pentium box to make a firewall. You will also need some firewall software to do either proxies, port-filtering or both.

As for the load, a lot depends on the bandwidth of the data. Are you running these six servers on a 10MB Ethernet? 100MB? Connected by fiber? The more bandwidth, the more data that has to be processed by the firewall. The firewalls have a lot less processing to do than the servers, so generally a 266Mhz Pentium could serve more than one server. However, you'll have to experiment to determine exactly how many. Or, you can hire a network engineer that can do the calculations to figure it out in advance.


For more information on this topic, visit these other searchSecurity resources:
Best Web Links: Firewalls
Featured Topic: Firewall management


This was first published in February 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: