LinuxQuestions.org


andy.l 04-15-2007 05:16 AM

Location of public server
 
Hi

So, I'm about to set up a new public internet server on my home network, hosting the normal services such as mail, http and probably an ftp server. All primarily for my own benefit. Now the big question is where to put this server. In corporate networks these kinds of machines are always placed in the corporate DMZ, but what is the norm for home users? Directly in the LAN, and only opening ports in the firewall for external access, or a DMZ, with open ports for both LAN and WAN?

/A

rocket357 04-15-2007 05:41 AM

Where you place it really depends on what all you intend to do with it and what your security requirements are. You can set up a reasonably secure ftp/http server, but the one that would concern me is the mail server. I *personally* would prefer to split the tasks up (put http and ftp on one machine and mail on a different machine), but that's really up to you.

How secure you need the machine to be will dictate where to place it. You can go as simple as setting the machine directly on your LAN with port forwarding to allow access, or you can set up a proxy relay between packet filters to manage access to the server. A reasonably simple setup with a proxy would be to place an IpCop machine (with whatever proxy add-ons you need, such as Adv. Proxy) between two OpenBSD packet filters (IpCop functions as a firewall as well, so you can technically use it standalone, if desired). IpCop has four "networks" built into its design...red (internet or WAN), green (local or LAN), orange (DMZ) and purple (wireless). This way you can divide your LAN up so the "orange" interface (which houses your server) can't directly access your "green" interface (which houses your desktop/workstations), but machines on the "green" interface can access the server. It's overkill for home use, but it'd be more secure than simply setting the machine up on your LAN and calling it a day.
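
The red/green/orange separation described in the reply above, written as an nftables ruleset for a single Linux router with three interfaces. This is an added example, not part of either post and not IpCop's own configuration; the interface names, the server address and the list of outbound ports are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example. Interface names, addresses and outbound ports are assumptions.
flush ruleset

define RED        = "wan0"          # internet / WAN (hypothetical name)
define GREEN      = "lan0"          # desktops and workstations (hypothetical name)
define ORANGE     = "dmz0"          # public server (hypothetical name)
define SERVER     = 192.168.2.10    # constructed address of the public server
define PUBLIC_TCP = { 21, 25, 80 }  # ftp control, smtp, http

table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed below.
        ct state established,related accept
        ct state invalid drop

        # red -> orange: only the published services on the server.
        # FTP data connections also need a conntrack helper or a fixed
        # passive port range; only the control port is shown here.
        iifname $RED oifname $ORANGE ip daddr $SERVER tcp dport $PUBLIC_TCP ct state new accept

        # green may open connections to the server and to the internet.
        iifname $GREEN oifname { $ORANGE, $RED } ct state new accept

        # orange -> red: what the server itself needs (mail out, DNS, updates).
        iifname $ORANGE oifname $RED udp dport 53 ct state new accept
        iifname $ORANGE oifname $RED tcp dport { 25, 53, 80, 443 } ct state new accept

        # orange -> green: never. The policy would drop it anyway; the explicit
        # rule logs attempts, which is the first sign of a compromised server.
        iifname $ORANGE oifname $GREEN log prefix "orange->green: " drop
    }

    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        iifname $GREEN tcp dport 22 accept   # router admin from green only (assumption)
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100;
        iifname $RED tcp dport $PUBLIC_TCP dnat to $SERVER
    }
    chain postrouting {
        type nat hook postrouting priority 100;
        oifname $RED masquerade
    }
}
```

With the server placed directly on the LAN and a port forward, the server and the workstations share one segment, so there is no forward chain between them to enforce the orange-to-green block.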

