[ULTRAMONKEY-USERS] are the directors firewalled?

Glen Kendell glen at martianfireworks.com
Thu Dec 20 05:25:31 EST 2007 

No, Ultramonkey does not firewall the directors.  So you will need to think
about firewalling SSH and anything else that might an open avenue of attack.

There are potential issues with running iptables on the directors
themselves, depending upon your configuration.  It's certainly doable, but
if you have a Smoothwall in front of the directors why not just do all your
firewalling there?

That being said, you should give some thought as to what you would be
running on your directors that might need firewalling.  Ideally, your
directors will be as "appliance like" as possible and will be running the
absolute minimum amount of services and extra "stuff" besides Ultramonkey.

For this reason, my preference for directors is Debian.  Ubuntu is fine, but
do you really need all the extra goodies that come along with even a minimal
install?

Keep it simple and you'll do fine.

- Glen


On 12/19/07 7:37 AM, "Rick Graves" <gravesricharde at yahoo.com> wrote:

> Hello,
> 
> In the next 24 hours, I will attempt to set up 4
> computers in a high availability, load balancing
> configuration, as here:
> 
> http://www.ultramonkey.org/3/topologies/ha-lb-eg.html#real-servers
> 
> For the directors, I will either use ubuntu 6.06 LTS
> or debian sarge.  I have ubuntu installed on all 4
> boxes.  I am planning on trying debian sarge again;
> installation did not go well when I tried it about 10
> days ago, but this time I will use older (1998
> vintage) hardware.
> 
> The real severs will be web servers running Apache2.
> My router will be a Smoothwall 3 box.
> 
> I note from the diagram that the directors are exposed
> to the internet. 
> 
> For optimal security, I think each director should
> have an iptables firewall running that will allow
> access to the desired ports and block access to all
> others.
> 
> Does ultramonkey firewall the directors?
> 
> Thanks,
> 
> Rick Graves
> 
> _______________________________________________
> Ultramonkey-users mailing list
> Ultramonkey-users at vergenet.net
> http://lists.vergenet.net/listinfo/ultramonkey-users

-- 
Glen Kendell
Martian Fireworks Security
206.965.8583 direct
206.399.3510 cell
glen at martianfireworks.com

More information about the Ultramonkey-users mailing list