Mail server using VMware: SMTP gateway in the DMZ and mail servers on the LAN
I'm looking for help both from Linuxquestions and VMware forums since I'm not sure which place would be best to look. I'm setting up a Sendmail server on top of FreeBSD and have read that it's a good security practice to place the SMTP gateway in the DMZ and the mail servers in the LAN. I would like to know if anyone has any experience doing this with VMs, one in the DMZ and one on the LAN.
As for possible security issues, I know that it could be possible to compromise the DMZ VM and possibly get to the LAN VM, but I think the risk is low as VM security is still decently high. Would I be better to use 2 separate boxes?
Thanks in advance
If you mean you have two separate network connections into a single VMware server instance with a vSwitch for each NIC, one for LAN and one for DMZ, then in theory you're fine, but it's pretty ugly to be using different security zones on a single platform. Your DMZ systems would be much more likely to be physical machines and not VMs for various security reasons. If you are looking for better security then I would often put low-level security zone separation before best practices of SMTP traffic.
Depending on your security architecture, many Linux/BSD-based firewall distros, e.g. SmoothWall, pfSense, IPCop, Astaro, can provide the SMTP gateway functionality within a security device, which might be a simpler way to get what you're alluding to.