Q

Load bearing for Linux firewalls

My departmental servers already sit behind two firewalls (not managed by me), that are to protect us from the "outside."

While this seems like it should be enough, I would like to further segregate/protect my (Win NT 4.0) servers from the other (200+) departments that also sit behind the two firewalls. I keep hearing about how simple it is to take an old (for example 266Mhz) Pentium desktop, throw Linux on it and you have a firewall. My question, however, has to do with "load bearing" and physical connectivity. Should I put just one Linux box in front of say six servers, or do I have one Linux box per server? I don't quite understand how just one Linux box could handle all the traffic going to all the NT servers.

First, there is a little more than just putting Linux on a Pentium box to make a firewall. You will also need some firewall software to do either proxies, port-filtering or both.

As for the load, a lot depends on the bandwidth of the data. Are you running these six servers on a 10MB Ethernet? 100MB? Connected by fiber? The more bandwidth, the more data that has to be processed by the firewall. The firewalls have a lot less processing to do than the servers, so generally a 266Mhz Pentium could serve more than one server. However, you'll have to experiment to determine exactly how many. Or, you can hire a network engineer that can do the calculations to figure it out in advance.

For more information on this topic, visit these other searchSecurity resources:
Best Web Links: Firewalls
Featured Topic: Firewall management

This was first published in February 2002

Dig deeper on Security Resources

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close