LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 07-24-2004, 08:42 PM   #1
tman67
LQ Newbie
 
Registered: Jul 2004
Posts: 2

Rep: Reputation: 0
Building a server......


I need to know if I can have four network cards in the PCI slots, then install LINUX. Have one network card for email server. Network card two for my webserver;(using APACHE). The third, well this is where I need help.
I teach at a public high school and there is a need for a "pure" network. No spam, viruses and porn. And well did I mention that schools have a budget issue now.

I found a webpage that gives me a good start.
riverdale.k12.or.us/linux/

Any suggestion??????
 
Old 07-24-2004, 09:30 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Re: Building a server......

Quote:
Originally posted by tman67
I need to know if I can have four network cards in the PCI slots, then install LINUX. Have one network card for email server. Network card two for my webserver;(using APACHE).
yes, you can do it that way... but i'm not exactly sure why you'd wanna use separate cards for those...

Quote:
I teach at a public high school and there is a need for a "pure" network. No spam, viruses and porn. And well did I mention that schools have a budget issue now.
sounds like you need a transparent filtering proxy solution...

http://www.privoxy.org/

http://www.dansguardian.org/



for the viruses and the spam on the email server:

http://www.clamav.net/

http://spamassassin.apache.org/
 
Old 07-25-2004, 02:20 AM   #3
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
You can't put multiple NICs from the same box on the same network segment, unless you're using a bonding driver and if you do that, they just act like one NIC any way...

Now if you're talking about running some services (such as an e-mail server) internally and some (such as a website for the public) externally, then yes you can do that as long as you have each NIC plugged into a separate piece of hardware (separate switch, router, etc). If you want to be able to receive e-mail from the outside, you're going to need to run an SMTP daemon on the external interface too, though.

Now, if the goal is to provide certain services to a network that is strictly internal with no Internet access, you could have one NIC plugged into a switch that goes to internal machines. You could run iptables and prevent the forwarding of any packets from/to that interface. That way machines on the same network could contact services running on that NIC, but they couldn't use the box as a connection to the Internet.
 
Old 07-25-2004, 02:56 PM   #4
tman67
LQ Newbie
 
Registered: Jul 2004
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks for the reply....

Thanks for the reply and the advice. My main concern was with, one wire coming in(T1 Internet connection). I connect this wire into a computer, which I am trying to make a homemade router out of.
Then where does all the other computers get their input? That is why I thought you needed a second network card. Then I have researched this further and somebody told me to divide it into four different areas. 1) network 2) email and I forgot the other two by now.
 
Old 07-25-2004, 07:00 PM   #5
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
you can get away with using just two cards...

you can have a better setup with three...

i'm not sure you'd ever need four for this kinda setup...


basically, with the two card setup, one goes to the internet connection and the other goes into the switch/hub where all the machines in the lan connect to... all the machines in the lan need to go through the linux box to access the internet... all packets coming from the internet to the lan need to go through the linux box first, etc... you throw-in a transparent proxy, and then you have more control over the web surfing aspect of the whole thing (content filter, bandwidth savings, etc.)... this setup would involve having your servers on the same switch/hub as your lan, something that might not be a good idea in a school environment...

that's where the third card comes in... you can connect it to another switch/hub which connects exclusively to your servers... you'd get to fully control access to them... you could set special restrictions for people accessing the servers from the lan and different restrictions for people connecting to the servers from the internet, etc...

three card setups are fairly common these days... granted, card three is usually used for a DMZ (de-militarized zone)... of course in your case you don't need a dmz, so you'd probably be aiming for something like this:

eth0 = Internet

eth1 = LAN1 (students)

eth2 = LAN2 (servers)
 
Old 07-26-2004, 01:50 AM   #6
MS3FGX
Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,850

Rep: Reputation: 350Reputation: 350Reputation: 350Reputation: 350
You can't simply plug a T1 into a computer. It has to be terminated at some type of router that your ISP provided. Which means you have had a router all along, and you technically don't need anything more to get your clients online.

You would connect a switch to your ISP's router, and from there would connect client machines and the server.

But since you want to do content filtering, you would have to connect the router to the server, then to the switch (through a second NIC). And probably more switches from there, depending on how many clients you have.

But like it has already been said, there would be no advantage of running the services on separate NICs. In fact, I have never even heard of such a setup. It would make much more sense to use iptables to block whatever traffic you don't want, and bind your services to one of the two cards only. You could also employ virtual IPs if you needed it to respond to multiple IPs as if the machine had multiple physical NICs.

However, not that I want to steer you away from Linux, but have you really looked into your options for this setup?

As a school, you would qualify for deep discounts for hardware based firewalls/content filters.

The SonicWall brand is very popular, and I have had great experiences with them. They work as a firewall for both incoming and outgoing traffic, and for a low annual fee, the SonicWall will constantly update itself with the latest "inappropriate" sites from a master list of human-reviewed sites. You simply tell it what you feel is inappropriate, and it will automatically download a list of sites that have been deemed by reviewers to meet your criteria, then it will block any attempts to access the site.

And, as I said, with educational discounts, you could get a SonicWall for less that you could get new computer to use as a Linux firewall.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Building web server server filsed Linux - Software 1 07-15-2005 01:56 AM
Building a rack server Smokey Linux - Hardware 3 10-27-2004 06:13 PM
building new server. Ratclaws Linux - Hardware 2 10-19-2004 05:07 PM
building a server hamza11050 Linux - Networking 8 09-23-2004 10:21 PM
Building A Server Crashed_Again Linux - Hardware 5 02-27-2003 12:04 PM


All times are GMT -5. The time now is 01:35 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration