Minimum Security For LVS box ?

Malcolm Turnbull malcolm.turnbull at crocus.co.uk
Wed Oct 2 08:37:53 BST 2002


OK, I guess I was just being lazy :-), which never gives good results.



Peter Mueller wrote:
>>Assuming that you have an LVS loadbalancer running on a linux box
>>and this box is behind a firewall so that only ports 80 & 443 are 
>>allowed from clients.
>>
>>Do you really need to harden the loadbalancer firewall rules ?
> 
> 
> Yes, always.
> 
> 
>>i.e. should I enable things like SYN cookie protection etc ?
> 
> 
> It's a good idea to not rely on one firewall box anywhere in your setup.  If
> you've got a PIX or Checkpoint or whatever firewall box what harm can it do
> to take 10 minutes now and set up iptables/ipchains packet filter rules,
> basic accept/deny statements like Joe suggests?
> 
> Syncookies is a whole different ballgame.  Syncookies as I'm sure you know
> prevent SYN-flooding.  Does your firewall safeguard against syn-flooding so
> strongly that you feel syncookies is a bad idea?
> 
> Hope that helps
> 
> Peter
> 

-- 

Regards,

Malcolm Turnbull

IT Manager
Crocus.co.uk Limited
Nursery Court
London Road
Windlesham
Surrey
GU20 6LQ

01344 629661
07715 770523

http://www.crocus.co.uk/

"They that can give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety." - Benjamin Franklin
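
An added example, not part of the original thread: a small audit of the two host-level controls discussed above, a default-deny INPUT chain that accepts only TCP 80 and 443, and SYN cookies enabled. It takes the text of an `iptables-save` dump and the contents of `/proc/sys/net/ipv4/tcp_syncookies`; the function names, the allowed-port set and the sample dumps are assumptions made for illustration.

```python
import shlex

ALLOWED_TCP_PORTS = {80, 443}  # assumption: the only client-facing ports, per the thread

def _opt(tok, *names):
    """Value following the first of `names` present in tok, else None."""
    return next((tok[tok.index(n) + 1] for n in names if n in tok), None)

def _ports(spec):
    """Expand '80', '80,443' or '1024:1030' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_director(ruleset, syncookies):
    """Findings for an iptables-save dump and the tcp_syncookies sysctl value."""
    findings = []
    if syncookies.strip() not in ("1", "2"):  # 0 means SYN cookies are off
        findings.append("tcp_syncookies is not enabled")
    table, policy = None, None
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":INPUT "):
            policy = line.split()[1]
        elif table == "filter" and line.startswith("-A INPUT "):
            tok = shlex.split(line)
            if _opt(tok, "-j") != "ACCEPT" or _opt(tok, "-i") == "lo":
                continue
            state = _opt(tok, "--state", "--ctstate")
            if state and "NEW" not in state.split(","):
                continue  # matches only traffic of existing connections
            spec = _opt(tok, "--dport", "--dports")
            if _opt(tok, "-p") != "tcp" or spec is None or _ports(spec) - ALLOWED_TCP_PORTS:
                findings.append("ACCEPT beyond tcp/80,443: " + line)
    if policy != "DROP":
        findings.append("INPUT policy is %s, not DROP" % policy)
    return findings

# Constructed sample dumps, not taken from any real host.
GOOD = ("*filter\n:INPUT DROP [0:0]\n-A INPUT -i lo -j ACCEPT\n"
        "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n"
        "-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT\nCOMMIT\n")
WEAK = "*filter\n:INPUT ACCEPT [0:0]\n-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT\nCOMMIT\n"
```

An empty list means the dump matches the policy; a real director will usually need extra entries (for example a management port restricted by source address) added to the allowed set before the audit is meaningful.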






