[nflug] Firewalls

Robert Meyer meyer_rm at yahoo.com
Tue Nov 20 11:24:40 EST 2007

OK, my turn to ask a question.  I have a situation where our firewall (seven or more years old) is no longer supported and it has been losing connections on any box that I upgrade to a 2.6 kernel from a 2.4.  I have Netscreen 100 firewalls and can't even get firmware updates.

So, the question that I post to the group:
I have a fairly fast Internet connection to Vaspian.  I have an environment with 30+ servers and less than 10 workstations that need to be connected.  I need to be able to have the web servers (about 6 for the moment) accessible on the Internet but I have to be able to use stateful NAT to be able to have the firewall point to several web servers for a single IP address for load balancing, etc.  If the firewall did some monitoring to determine that a web server has failed and can remove it from the pool, that would be a bonus.

I intend to start monitoring the servers with Nagios so maybe Nagios could be used to control the web server pools.

I have actually thought about building a Linux firewall to do all of this, using shorewall but I don't know about the server pool thing.  I haven't researched that at all.

So, I'm soliciting opinions.  I need to know as many options as I can so that I can make an intelligent decision on this.  Note that we're expecting significant growth in our traffic, here.  As always, cheaper is better.



