Hi folks...
I'm experimenting at the moment with setting up my internal LAN of a few PCs running WinXP. Last month I tried Mandrake MNF8.2 and was quite impressed with the web admin feature, but did find it lacked some configuration features like setting up DNS servers and mail servers... I realize that you shouldn't really run too many services on a firewall, but I'm not ready to commit $$$ yet on another dedicated server... but open to comments of course.
I don't know if I'm allowed to ask too many things in one thread or if all this is relevant in this forum, but anyway...
Now, I've applied for two domains and they're currently parked on a registrar. I've also just established an ADSL connection to my place and am currently using a NAT-capable modem/router which the ISP recommended, connected to my 10/100 switch with the crossover cable supplied with the modem. Surfing from the Win PC is OK, but I'm planning to switch away from this OS - it keeps crashing even after reformatting, etc., etc.
Now, according to the ISP, I am not allowed to connect the modem in bridge mode, but I just tried connecting it to my test Linux box and via the modem's web admin interface I was able to see that my public IP was detected, although I couldn't even ping anything from the Linux box - firewall I guess. The modem has PPPoE s/w built in (using LLC) and connects via crossover to eth1, which was 192.168.0.2, with the modem on 192.168.0.1 (factory default is 192.168.1.1). All my PCs have static IPs and are connected to the switch in 192.168.1.0/24, and the Linux box has eth0 192.168.1.1. I've created aliases with virtual hosts on eth0 for dns1, dns2, mail and ldap, but this is only my fooling around.
Do you think it's OK (security-wise) to use the modem's NAT and just use the ISP default config:
[internet]
    |
    |
[modem]
    |
    |
[switch]
    |    \
    |     \
   [1]    [2] ... etc
Or is it much more secure to disable the modem's NAT and hook it up to [1] directly, which will be the Linux firewall???
Example:
[internet]
    |
    |
[modem]
    |
    |
   [1]
    +--------[switch]
                 |    \
                 |     \
                [2]    [3] ... etc
OR, should I use the first config and create a NAT to [1] only, so that [1] will forward anything good to [2], [3], etc.???
Now, what I also want is: say I have mydomain.net and mydomain.com - both will be hosted separately. mydomain.net will be hosted by my internal LAN, which has a public static IP, and mydomain.com I plan to host with an external company.
I basically won't need services on [1] except mail and DNS(?).
I may allow VPN for people I trust... but that's for later on.
I want mydomain.com to handle its own mail so that I can use an email like me@mydomain.com - but I also want this server to synchronise/(relay?) to me@mydomain.net. Now, because my ADSL connection may not be permanently on, I want the mail server for mydomain.net to retrieve mail from mydomain.com whenever the ADSL line is up, and if not, then mydomain.com should keep the mail until the next retrieval. Now, from my internal LAN, I want everyone to have person@mydomain.net, and when they send mail to whomever I guess I can try to alias it as person@mydomain.com - or should I set the mydomain.net mail server to send to mydomain.com and let this mail server send it out (silly? I don't know)
Now, I've looked at various FAQs and HOWTOs on DNS, but need more info on actually configuring it for my scenario.
I only have one public IP, so do I need another one for DNS server 2? Can I run the DNS server at the same time on the firewall and mail server? Do I have to point the nameservers for mydomain.net to my public IP? Or can I just specify my ISP's DNS servers? I'm also confused about public IPs and DNS entries in the main registry - I read that it was not allowed to use someone else's IP before, but now this restriction is lifted; what exactly does this mean? Can I just invent an IP of my own??? Sounds illogical.
What would you recommend as a Linux firewall: Mandrake MNF8.2 / Redhat 8.0 / Debian Woody 3.0? I've tried to install SuSE 7.0, but I only got one CD so I didn't bother with it - whereas the first two had 3 and Debian had 7, although I haven't installed it yet - maybe tonight. Now, I did try installing RH8, but its config utils all depend on X and I didn't want to install X - is Debian the same? I've reinstalled Mandrake at least ten times in the past couple of weeks.
Which one of the above distributions would you recommend for my future dedicated DNS/mail/LDAP/Intranet proxy-web server?
I think I've covered everything... again, sorry if this thread is too long.
Any help appreciated.
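As an added example (not from this post or any reply to it): an iptables ruleset for the second layout, where [1] sits between the modem and the switch as the Linux firewall. Assumed names: the modem-facing interface is eth1 (it would be ppp0 if PPPoE ran on the Linux box itself), the LAN is 192.168.1.0/24 on eth0, and only SMTP and DNS on [1] are reachable from the Internet.

```shell
#!/bin/sh
# Added example, not the poster's own setup. Assumed: eth1 faces the modem,
# eth0 faces the switch (192.168.1.0/24). Set IPT=echo to preview the rules.
IPT="${IPT:-iptables}"
WAN=eth1
LAN=eth0
LAN_NET=192.168.1.0/24

firewall_rules() {
  # Clean slate, then default-deny for traffic to the box and traffic crossing it
  $IPT -F
  $IPT -t nat -F
  $IPT -P INPUT DROP
  $IPT -P FORWARD DROP
  $IPT -P OUTPUT ACCEPT

  # Packets arriving from the Internet that claim a LAN source are spoofed: drop them first
  $IPT -A INPUT -i $WAN -s $LAN_NET -j DROP
  $IPT -A FORWARD -i $WAN -s $LAN_NET -j DROP

  # Loopback and the LAN side are trusted; replies to connections we opened are allowed back
  $IPT -A INPUT -i lo -j ACCEPT
  $IPT -A INPUT -i $LAN -s $LAN_NET -j ACCEPT
  $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # The only services [1] offers to the Internet: SMTP (mail) and DNS
  $IPT -A INPUT -i $WAN -p tcp --dport 25 -m state --state NEW -j ACCEPT
  $IPT -A INPUT -i $WAN -p udp --dport 53 -j ACCEPT
  $IPT -A INPUT -i $WAN -p tcp --dport 53 -m state --state NEW -j ACCEPT

  # LAN hosts [2], [3], ... go out through NAT; only replies come back in,
  # so nothing from the Internet reaches them directly
  $IPT -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
  $IPT -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPT -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
}
```

Call firewall_rules as root to apply the rules; with IPT=echo exported it only prints them, which is a handy way to review the policy before loading it.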