LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 08-23-2006, 04:51 PM   #1
Kristijan
Member
 
Registered: Sep 2003
Location: Melbourne, Australia
Distribution: NetBSD 3.0.1, Slackware 10.1
Posts: 394

Rep: Reputation: 30
Network Redesign and Software


Hi All,

In the process of redesigning my network, want to change it up a bit and make it more secure.

I have the following boxes on my network:

Bart: My desktop machine
Lisa: My sisters machine
Xbox: Xbox
Krusty: LAMP (Linux, Apache, MySQL, PHP) running a few websites
Homer: Fileserver running Linux with Samba

This is how it's all connected...


Code:
Current Network 
--------------- 
 
 
          (Internet) 
              | 
              | 
         (ADSL Modem) 
              | 
              | 
           (Switch) 
              | 
              | 
    --------------------------- 
   |      |      |       |     | 
 (Bart)(Homer)(Krusty)(Lisa)(Xbox)

Below is my proposed network...


Code:
Proposed Network 
---------------- 
 
 
          (Internet) 
              | 
              | 
         (ADSL Modem) 
              | 
              | 
           (Krusty) 
              | 
              | 
           (Switch) 
              | 
              | 
    -------------------- 
   |      |      |     | 
 (Bart)(Homer)(Lisa)(Xbox)



Krusty, being a lower spec machine will turn into a firewall. Either running Smoothwall, or NetBSD with a pf ruleset.

Any comments on this?

Home will still be my fileserver, but at the same time also run my websites. I'm abit worried about doing this, but I am limited to the number of machines I have. I was thinking running NetBSD on it, and having Apache, MySQL and PHP run inside it's own jail, and leave my fileserver to the rest of the machine.

The reason I'm using NetBSD for most of my machines is because I'd like to learn it. I've been a Slackware user for quite some time now, and would have no problem with setting all this up. Just thought it would be a good way to learn something new. Any other recommendations? Would Open or FreeBSD be better suited for this type of thing?

Any comments on the above design/layout and software are greatly appreciated.

Cheers,
-Kristijan
 
Old 08-23-2006, 04:54 PM   #2
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 117Reputation: 117
Some people may consider it insecure, but I actually host websites off the firewall server. Since the code is all mine and I keep it updated, I consider it fairly secure.
 
Old 08-23-2006, 05:13 PM   #3
Brian1
Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 61
Unless going to a DMZ setup, I would also host the webserver on the krusty machine. Then use homer as your fileserver. So the only open port to the outside would be 80 for the webserver. Then no ports are forwarded to the lan side. If you forward into the lan then I would run firewall on all machines and open the needed ports to them.

Brian1
 
Old 08-23-2006, 05:19 PM   #4
Kristijan
Member
 
Registered: Sep 2003
Location: Melbourne, Australia
Distribution: NetBSD 3.0.1, Slackware 10.1
Posts: 394

Original Poster
Rep: Reputation: 30
Is it possible to run Smoothwall, but also have a webserver running on the same machine? Last time I played with Smoothwall (going back a few years now) it wasn't possible.

Or am I better off going the BSD option and running a pf ruleset? OpenBSD runs Apache in it's own jail by default correct? Is it possible to put MySQL and PHP into the same jail...or would you leave Apache alone?

-Kristijan
 
Old 08-23-2006, 05:39 PM   #5
Brian1
Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 61
Haven't used smoothwall but can't see why not. It just requires port 80 open on the external nic if the webserver is runninng on the firewall machine. Might email smoothwall developer and ask the question or check thier help and faq section. Might be a forum over there as well. Might also be able to download the manual or read it online to see what it can do.

Brian1

Last edited by Brian1; 08-24-2006 at 05:38 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Software that my network will need? perlqt Linux - Software 1 08-21-2006 11:32 PM
LXer: Should you redesign your site for Firefox? LXer Syndicated Linux News 0 04-29-2006 07:03 PM
network throughput software masand Linux - Software 3 11-17-2005 11:52 AM
Network monitoring software ctkroeker Linux - Software 21 07-17-2005 09:06 PM
Network Inventory and Software Distribution Software? tonyfreeman General 1 09-25-2004 05:29 AM


All times are GMT -5. The time now is 10:28 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration