On Tuesday 30 April 2002 00:11, Alex Daniloff wrote:
> Hello SuSE folkz, Is this a good idea to put Firewall, NFS, Database and Web services on one Linux box or should they be separated?
> The Web server part is a MySQL database driven interface through persistent fcgi scripts. The MySQL Database server should be able to operate in the long run with up to 60GB of critical data. The Firewall should keep all unnecessary ports in stealth mode and provide masquerading and routing for a small internal network. The NFS server should export a publicly shared data directory to the internal network.
> I proposed this configuration: A separate Linux box provides firewall/masquerading/routing services. The second Linux box serves as an NFS, Database and Web server to generate less network traffic during database queries.
> One co-worker proposed a less costly alternative, to put everything on one box.
> Another one expressed his opinion in separating all services between four Linux boxes.

Definitely keep the firewall on a separate box. It could be a very low end box, as a simple firewall/router doesn't need much. The web server and the database backend could be on one box (barring any performance issues) but I'd keep them on their own box separate from the internal LAN (this would be a DMZ). If they're cracked your internal LAN isn't automatically compromised. So this proposal would be 3 machines.

Anders
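
The three-zone layout recommended in the reply, sketched as a forwarding policy for the firewall box. This is an added example, not part of the original thread; the function name, the interface and address arguments, and HTTP on port 80 are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a firewall with three
# legs (Internet, internal LAN, DMZ holding the web/database box).
# Assumed arguments: WAN, LAN and DMZ interface names, the DMZ web server's
# address, and the internal LAN network in CIDR form.
dmz_ruleset() {
    if [ "$#" -ne 5 ]; then
        echo "usage: dmz_ruleset WAN_IF LAN_IF DMZ_IF WEB_IP LAN_NET" >&2
        return 2
    fi
    wan_if=$1; lan_if=$2; dmz_if=$3; web_ip=$4; lan_net=$5
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The firewall itself accepts nothing new from any zone ("stealth").
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies to connections that were allowed to start.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Internet -> DMZ: only the web service (port 80 is an assumption).
-A FORWARD -i $wan_if -o $dmz_if -d $web_ip -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# LAN -> Internet and LAN -> DMZ: internal hosts may open connections.
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $lan_if -o $dmz_if -s $lan_net -m conntrack --ctstate NEW -j ACCEPT
# No rule lets the DMZ open connections to the LAN: with FORWARD DROP as the
# default, a cracked web/database box cannot reach the NFS server.
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Masquerade only the internal LAN behind the firewall's WAN address.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
EOF
}
```

Piping the function's output to `iptables-restore --test` on the firewall box parses the ruleset without loading it.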