must use Global IP = can not use firewall



hkivan
07-01-2004, 11:05 PM
In the directadmin.com installation guide, it said that the server needs to use a global IP during the installation process, but I also want to use our SonicWall firewall... Does it mean I cannot use the hardware firewall with the server (with DirectAdmin CP)?

Oh... my god!

jmstacey
07-01-2004, 11:22 PM
Yes, as long as it doesn't act like a router and create internal ip addresses.

hkivan
07-02-2004, 12:09 AM
That means I cannot prevent DoS attacks with a hardware firewall.

Oh... DirectAdmin server is so dangerous.

jmstacey
07-02-2004, 12:51 AM
On the contrary, there are firewalls which allow you to protect the server and yet allow the external ip address to be forwarded to the server. They act just like a software firewall on your server but without the processing power required of it.

nobaloney
07-02-2004, 11:25 AM
Most firewalls are not designed for webhosting.

To use your SonicWall firewall in a webhosting environment you'll need to either turn off NATting, or be able to NAT IP#s to the same IP# they're receiving the traffic on.

It's been my experience that hardware firewalls are relatively useless in a webhosting environment, because by the time you reconfigure them to allow unrequested data in on all the ports that require it, with no IP# NATting, you might as well just use iptables.

Jeff

hkivan
07-03-2004, 09:42 AM
But I really use SonicWall to protect our RaQ 550 server.
I use the 1-to-1 NAT method, which means 1 global IP to 1 LAN IP.

You can limit the port service and the traffic on each port.

They help me protect against most DoS attacks.

nobaloney
07-03-2004, 11:48 AM
RaQs work on private address space supplied by NAT on the SonicWall firewall.

DirectAdmin does not. And most likely won't; at least not in the foreseeable future.

So if you can't either turn off the NAT feature for the IP#s you're using for DA, or place your DA server in what they call a "demilitarized zone" with its normal Internet-routable IP#s, then DA and the SonicWall firewall are NOT compatible.

You might want to ask SonicWall tech support how to create a demilitarized zone for a webserver that must run in public IP space.

Jeff

hkivan
07-04-2004, 06:46 PM
The SonicWall hardware firewall cannot do this.

In my memory, only one hardware firewall can allow public IPs behind the firewall.
I cannot remember the name... but it is a red box, something like... [WatchGuard]

nobaloney
07-05-2004, 02:01 AM
How about building your own firewall, then?

There are lots of linux firewall distributions; even free ones.

And even some that run entirely from a floppy.

Jeff

hkivan
07-06-2004, 01:51 AM
Can you give me any hints or suggestions?

I just know something about KISS and APF.

Would you mind giving me some site or download URL?

Finally, thank you very much.

nobaloney
07-06-2004, 09:46 AM
You can find some Linux Firewall distributions here (http://www.hideaway.net/home/public_html/staticpages/index.php?page=20020515164949519).

They're stand-alone Linux distributions which you'd run on separate hardware.

Jeff