[WBEL-users] Iptables Vs Cisco Pix 525

Johnny Hughes mailing-lists@hughesjr.com
Fri, 21 May 2004 22:55:33 -0500



On Fri, 2004-05-21 at 08:37, Simone wrote:

> Hi list,
> my company just bought a couple of Cisco PIX 525 firewalls. Now they are 
> opening a new office, and at the moment buying another one is not an 
> option. So I am going to set up a firewall using iptables on a WBEL box, 
> and I was wondering if there's really a big difference in security between 
> the two different solutions.

IPTABLES is a stateful firewall ... if set up properly it is good.  The
major difference is that the Cisco firewall is much more flexible. You
can only port forward port 80 (web incoming if you have a web server) or
port 25 (a mail server), etc. to only 1 machine with iptables ... with
the Cisco, you can allow port 80 in to many different servers.
 

> I know there must be a difference; I just would like to understand whether having 
> iptables is a much worse solution.
> 


Other than the port forwarding limitation, iptables is pretty good.
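As an added example, not from either post in the thread, here is a stateful iptables ruleset for the WBEL box in the kind of office-gateway setup discussed above. It is generated in iptables-restore format by a shell function so it can be inspected before it is loaded; DNAT rules in the nat PREROUTING chain match on the destination address and port of the incoming packet, so each public address (or each distinct external port) can be forwarded to its own internal host. The interface names, public addresses and internal server addresses are constructed for illustration and are meant to be overridden from the environment.

```shell
#!/bin/sh
# Added example (not from the original thread): build an iptables-restore
# ruleset for a small office gateway. All names and addresses below are
# constructed placeholders; override them from the environment.
# Run with APPLY=1 to load the rules, otherwise they are printed.

WAN_IF="${WAN_IF:-eth0}"              # public-facing interface (assumed)
LAN_IF="${LAN_IF:-eth1}"              # office LAN interface (assumed)
WAN_IP1="${WAN_IP1:-203.0.113.10}"    # public address for the web server
WAN_IP2="${WAN_IP2:-203.0.113.11}"    # public address for the mail server
WEB_SRV="${WEB_SRV:-192.168.1.10}"    # internal web server
MAIL_SRV="${MAIL_SRV:-192.168.1.20}"  # internal mail server
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # office LAN

# dnat_rule PUBLIC_IP PORT INTERNAL_IP
# One PREROUTING DNAT line: rewrite the destination of packets arriving on
# the WAN interface for PUBLIC_IP:PORT to INTERNAL_IP:PORT.
dnat_rule() {
  printf '%s\n' "-A PREROUTING -i $WAN_IF -d $1 -p tcp --dport $2 -j DNAT --to-destination $3:$2"
}

# forward_rule INTERNAL_IP PORT
# Accept only the first (NEW) packet of a forwarded connection to the
# internal host; the rest of the flow and its replies are covered by the
# ESTABLISHED,RELATED rule in the FORWARD chain.
forward_rule() {
  printf '%s\n' "-A FORWARD -i $WAN_IF -o $LAN_IF -d $1 -p tcp --dport $2 -m state --state NEW -j ACCEPT"
}

# gen_rules: emit the complete nat and filter tables in iptables-restore syntax.
gen_rules() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
EOF
  dnat_rule "$WAN_IP1" 80 "$WEB_SRV"    # www.example -> web server
  dnat_rule "$WAN_IP2" 25 "$MAIL_SRV"   # mx.example  -> mail server
  # Hide the office LAN behind the gateway's public address on the way out.
  printf '%s\n' "-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"
  cat <<EOF
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i $LAN_IF -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW -j ACCEPT
EOF
  forward_rule "$WEB_SRV" 80
  forward_rule "$MAIL_SRV" 25
  echo COMMIT
}

if [ "${APPLY:-0}" = "1" ]; then
  sysctl -w net.ipv4.ip_forward=1 >/dev/null
  gen_rules | iptables-restore
else
  gen_rules
fi
```

The default policies are DROP for INPUT and FORWARD, so anything not matched by a DNAT plus its FORWARD rule is silently discarded; the INVALID drop in front of the NEW rules keeps out-of-state packets from reaching them. Adding a third forwarded service is one more `dnat_rule` and one more `forward_rule` call with a different public address or external port.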
