Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Internet security question

Posted on 1999-08-03
Medium Priority
Last Modified: 2010-03-18
Im busy setting up a simple proxy server on my network as follows : the linux server has two network cards, one with a real IP address connected to the internet, the other with my 10.1... address on my internal network. Im running squid on this machine to enable my users to surf the web. My question is : How safe is my internal users from attacks from the internet ? Is it necessary for me to install firewalling software as well ? There is obviously no route between the two NICs except if someone could telnet into the box...  Welldocumented(referenced) answer will receive the points :)
Question by:johand
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3

Expert Comment

ID: 1585992
In that setup, the proxy machine would be the target of attacks.  As you say, if your proxy is compromised, that opens your entire local network to attack.  So long as your proxy is secure, no one will be able to initiate connections into your local network.

In order to properly lock down your proxy server, however, you'll probably end up using firewall-type restrictions anyway.  It might make more sense to give your local network more access to the internet using masquerading, and go ahead and call your proxy server a firewall.

Author Comment

ID: 1585993
" It might make more sense to give your local network more access to the internet using masquerading, and go ahead and call your proxy server a firewall." If you suggest this as a better option, could you be more specific as to how to go about it, where to find information, what packages to use etc...


Expert Comment

ID: 1585994
For the current version of RedHat, at least, the ipchains package will allow you to set up IP Masquerading as well as forwarding and firewalling rules.

Accepted Solution

xpash earned 600 total points
ID: 1585995
Good solution to this problem is to masquerad your internal
network so no one will be able to know that there exists an
internal network...
use ipfwadm-wrapper ipchaining...

Expert Comment

ID: 1585996
ipfwadm is the old way to do it...  *shrug*  ipchains is the currently accepted way...

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

662 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question