[WBEL-users] Iptables Vs Cisco Pix 525
Bill Davidsen
davidsen@tmr.com
Sat, 22 May 2004 12:07:53 -0400
Johnny Hughes wrote:
> On Fri, 2004-05-21 at 08:37, Simone wrote:
>
>>Hi list,
>>my company just bought a couple of Cisco PIX 525 firewalls. Now they are
>>opening a new office, and at the moment buying another one is not an
>>option. So I am going to set up a firewall using iptables on a WBEL box,
>>and I was wondering if there's really a big difference in security between
>>the two different solutions.
>>
> IPTABLES is a stateful firewall ... if set up properly it is good. The
> major difference is that the Cisco firewall is much more flexible. You
> can only port forward port 80 (web incoming if you have a web server) or
> port 25 (a mail server), etc. to only 1 machine with iptables ... with
> the Cisco, you can allow port 80 in to many different servers.

I'm not sure what you mean here, you can certainly do packet forwarding
to more than one IP, either in a determinate way to single machines, or
in round-robin load balancing mode. See the DNAT description for how to
set this up.
--
-bill davidsen (davidsen@tmr.com)
"The secret to procrastination is to put things off until the
last possible moment - but no longer" -me
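
The two DNAT modes mentioned in the reply above, as an added example that is not part of the original thread. It prints the iptables commands for review rather than running them. The addresses are constructed, the function names are hypothetical, the `statistic` match assumes a current iptables build, and the FORWARD chain is assumed to already accept ESTABLISHED,RELATED traffic.

```shell
#!/bin/sh
# Added example: generate DNAT rules for forwarding one public port to
# one or several internal servers. Commands are printed, not executed.
# All addresses below are constructed (RFC 5737 / RFC 1918 ranges).

# dnat_single PUBLIC_IP PORT BACKEND_IP
# Determinate mode: one public address and port maps to exactly one host.
dnat_single() {
    echo "iptables -t nat -A PREROUTING -d $1 -p tcp --dport $2 -j DNAT --to-destination $3:$2"
    # Only the forwarded port is opened towards the backend.
    echo "iptables -A FORWARD -d $3 -p tcp --dport $2 -m conntrack --ctstate NEW -j ACCEPT"
}

# dnat_round_robin PUBLIC_IP PORT BACKEND_IP...
# Round-robin mode: the nat table sees only the first packet of each
# connection, so the nth counter distributes connections, not packets.
# With N backends the rules match every Nth, every (N-1)th, ... of the
# connections still unmatched, and the last rule takes the remainder,
# which gives each backend an equal share.
dnat_round_robin() {
    pub=$1
    port=$2
    shift 2
    remaining=$#
    for backend in "$@"; do
        if [ "$remaining" -gt 1 ]; then
            match="-m statistic --mode nth --every $remaining --packet 0 "
        else
            match=""
        fi
        echo "iptables -t nat -A PREROUTING -d $pub -p tcp --dport $port ${match}-j DNAT --to-destination $backend:$port"
        echo "iptables -A FORWARD -d $backend -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        remaining=$((remaining - 1))
    done
}

# Constructed layout: two public addresses for web, each pinned to its own
# server, plus one public mail address balanced over three relays.
dnat_single 203.0.113.10 80 192.168.1.10
dnat_single 203.0.113.11 80 192.168.1.20
dnat_round_robin 203.0.113.12 25 192.168.1.31 192.168.1.32 192.168.1.33
```

Rule order matters in the round-robin case: appending the rules in a different order changes the share each backend receives.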