Firewall Settings for RealServer

Archived from groups: comp.security.firewalls (More info?)

David Richter wrote:
> I am currently running RealServer 9.0 on a Linux server and would like
> to run the server behind a Netscreen-100 firewall.
>
> The documentation from Real states that the ideal configuration would
> be to run the RealServer on the DMZ port of the firewall, but from a
> security standpoint, I would prefer to have the full firewall
> protection.
>
> Has anyone successfully configured their firewall to allow the
> RealServer to work? Some of the support threads at Real suggest that
> it can't be done, but if the firewall policies were granular enough, I
> have to belive it can be done.
>
> Thanks in advance,
>
> David Richter

The problem with putting any Internet facing server behind the firewall is
that it reduces the security of everything else behind the firewall. If that
server is compromised then every machine is put at risk. That's the reason
for using a DMZ, a compromised server in the DMZ is much less of a risk to
the rest of the network.

If you are running on Linux, why not put the server in the DMZ and use the
Linux built-in firewalling? What version of Linux are you using?

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555