Problem solve Get help with specific problems with your technologies, process and projects.

Load bearing for Linux firewalls

My departmental servers already sit behind two firewalls (not managed by me), that are to protect us from the "outside."...

While this seems like it should be enough, I would like to further segregate/protect my (Win NT 4.0) servers from the other (200+) departments that also sit behind the two firewalls. I keep hearing about how simple it is to take an old (for example 266Mhz) Pentium desktop, throw Linux on it and you have a firewall. My question, however, has to do with "load bearing" and physical connectivity. Should I put just one Linux box in front of say six servers, or do I have one Linux box per server? I don't quite understand how just one Linux box could handle all the traffic going to all the NT servers.

First, there is a little more than just putting Linux on a Pentium box to make a firewall. You will also need some firewall software to do either proxies, port-filtering or both.

As for the load, a lot depends on the bandwidth of the data. Are you running these six servers on a 10MB Ethernet? 100MB? Connected by fiber? The more bandwidth, the more data that has to be processed by the firewall. The firewalls have a lot less processing to do than the servers, so generally a 266Mhz Pentium could serve more than one server. However, you'll have to experiment to determine exactly how many. Or, you can hire a network engineer that can do the calculations to figure it out in advance.

For more information on this topic, visit these other searchSecurity resources:
Best Web Links: Firewalls
Featured Topic: Firewall management

This was last published in February 2002

Dig Deeper on Information security policies, procedures and guidelines

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.