 From:  "Chris Buechler" <cbuechler at gmail dot com>
 To:  "Josh Hyles" <josh dot maillists at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] 1 to 1 ip routing
 Date:  Sun, 21 May 2006 15:40:36 -0400

On 5/21/06, Josh Hyles <josh dot maillists at gmail dot com> wrote:
> I use m0n0wall at home and love it to death, but I need m0n0wall in a
> production environment. I am wondering a few things here. Is m0n0wall
> a good solution for securing a webserver/SQL server from hackers and
> such?
>

It's, as with any firewall, as good as it's configured.  It can't
protect you from traffic you permit, and since you have to permit
traffic to a web server via HTTP at least, it won't protect you from
everything.  It'll do a great job of closing off any services you
don't want publicly accessible.

My point is, with any firewall, don't think "there's a firewall in
front of my web server, so it's secure".  That's not going to protect
you from web server or web application vulnerabilities or
misconfigurations.

The type of setup you probably want with only two servers is this:
http://doc.m0n0.ch/handbook/examples-filtered-bridge.html

-Chris