"Tim Guy" wrote...
> Is running an Apache Server on a 2 x nic system (local and Internet) and
> then using Linux firewall to lock down all but port 80 on the internet side
> a viable option or am I leaving myself more open than if I ran a separate
> firewall?
Tim,
The "best practice" would be to run them on separate boxes. This is largely
due to the fact that if you run multiple apps (servers) on the same box as
the firewall, and there is an exploitable flaw in one of those apps, your
entire network can be compromised. Keeping a minimum number of points of
ingress is the "best" way to go.
Having said all that, it doesn't mean that you can't do it. In fact I know
a popular "geek site" that doesn't run a DMZ for their servers - they all
sit out on the internet with packet filtering on each box. So each server
(web, database, mail, irc, proxy - the lot) is a firewall for itself too.
Never been cracked/hacked despite many attempts over many years.
I run many servers on the inside interface of my firewall, plus
ssh/mail/web/nntp/jabber on the external interface. There have never been
any problems with my config (although on a P100 with 64Mb it does have a
tendency to bog down occasionally). My only advice is to READ as much as
you can about network security and common exploits for the apps (servers)
you intend to run on your firewall, then carefully poke holes in your
firewall to allow everything to talk as it should. Check out Security Focus
(http://www.securityfocus.com/) as a good starting point.
Good luck,
James
_______________________________________
A random quote of nothing:
He played the king as if afraid someone else would play the ace.
-- John Mason Brown, drama critic
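One way to express the "lock down all but port 80 on the Internet side" setup Tim asks about, as an added example that is not from either poster: an iptables script for a dual-homed Apache host with a default-deny INPUT policy and FORWARD disabled. The interface names eth0/eth1, the LAN subnet and the ssh-from-LAN rule are assumptions; with DRY_RUN=1 (the default) it only prints the commands, so it can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and subnet are assumed.
WAN=${WAN:-eth0}                    # Internet-facing NIC (assumed name)
LAN=${LAN:-eth1}                    # internal NIC (assumed name)
LAN_NET=${LAN_NET:-192.168.1.0/24}  # constructed example LAN subnet
DRY_RUN=${DRY_RUN:-1}               # 1 = print the rules; 0 = apply them (root)

# Wrapper so the same rule list can be printed or applied.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

build_rules() {
    # Clean slate, then default-deny inbound and refuse to route at all:
    # this box is a web server, not a router between the two NICs.
    ipt -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    # Loopback and replies to sessions the host already accepted.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
    # Internet side: the only new connections allowed in are HTTP.
    ipt -A INPUT -i "$WAN" -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
    # LAN side: ssh for administration, and only from the internal subnet.
    ipt -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    # Log (rate-limited) and drop everything else so probes show up in syslog.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
    ipt -A INPUT -j DROP
}

build_rules
```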