Networking Forums

Multiple firewalls

 
 
Tam
04-19-2004, 01:50 AM
Setting up a network of load balanced HTTP servers.

My question arises in that I'm wondering at the benefits of having
independent firewalls on each machine.

I have 6 machines, all with two NICs with only one machine having the
real world IP on eth0. Each has RH9 so I'm using iptables.

The network is set up using 192.168.0.11-16 and the firewall is set up
nicely. But what if I run a firewall on each server? Each only has to
listen on port 80 so are there any network benefits to doing this?

I'm thinking here of perhaps the DNS server flooding the network on the
broadcast address... each machine would be listening to each packet.
Would this make things 'faster' at the server level?

The intention of course is the network will never be compromised but
are there any real security benefits to be gained here?

What can I be doing to make it more secure? Thanks for any light
anyone can shed on this.
 
James Knott
04-19-2004, 10:43 AM
Tam wrote:

> The intention of course is the network will never be compromised but
> are there any real security benefits to be gained here?
>


With security, the rule is defence in depth. The more barriers you create,
the harder it is for someone to break in.

--

Fundamentalism is fundamentally wrong.

To reply to this message, replace everything to the left of "@" with
james.knott.
 
chris-usenet@roaima.co.uk
04-29-2004, 02:14 PM
Tam wrote:
> The intention of course is the network will never be compromised but
> are there any real security benefits to be gained here?


James Knott wrote:
> With security, the rule is defence in depth. The more barriers you create,
> the harder it is for someone to break in.


But if those barriers are all the same, then presumably if one can be
compromised then they all can. The key is "[security] in depth", which
requires that you have *different* layers of defence.

Chris
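
An added example, not part of any post in this thread: the per-host firewall Tam asks about, written as a shell function that prints an iptables-restore ruleset for a backend that only has to serve port 80. The interface name eth1, the front machine's internal address 192.168.0.11 and the optional admin host are assumptions, since the thread does not say which of the six machines holds the public IP.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for one backend web server.
# Assumptions (not stated in the thread): eth1 is the internal NIC and
# 192.168.0.11 is the internal address of the machine with the public IP.

valid_token() {   # reject anything that could smuggle extra rule text
    case $1 in ''|*[!A-Za-z0-9.:_-]*) return 1 ;; esac
}

backend_ruleset() {
    lan_if=$1; balancer=$2; admin=${3:-}   # admin: optional SSH source host
    valid_token "$lan_if" && valid_token "$balancer" || {
        echo "usage: backend_ruleset LAN_IF BALANCER_IP [ADMIN_IP]" >&2
        return 1
    }
    if [ -n "$admin" ] && ! valid_token "$admin"; then return 1; fi

    # Default-deny inbound; only the front machine may open new HTTP sessions.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -p tcp -s $balancer --dport 80 --syn -m state --state NEW -j ACCEPT
EOF
    if [ -n "$admin" ]; then
        echo "-A INPUT -i $lan_if -p tcp -s $admin --dport 22 --syn -m state --state NEW -j ACCEPT"
    fi
    # Broadcast chatter is dropped before the LOG rule so it does not fill
    # the logs; everything else that falls through is logged, rate-limited.
    cat <<EOF
-A INPUT -m pkttype --pkt-type broadcast -j DROP
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "backend-drop: "
COMMIT
EOF
}

# Review the output, then load it as root:
#   backend_ruleset eth1 192.168.0.11 | iptables-restore
```
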
 