LinuxQuestions.org


dilberim82 07-24-2001 03:10 PM

router, name server, web server, ssh, mailserver
 
Is it a good idea to run all of the above on one computer? Or should I buy another used computer which will just be the router? And if I have a Linux box as a router, can I use my other computer as a nameserver and a webserver (because it's going to have an IP like 192.168.0.1)? Which way is more secure?

mcleodnine 07-25-2001 03:22 AM

Logic would dictate that the rule of
Code:

echo "all eggs" > basket.one
is just a bad foundation for a good network.

I've got the hardware, just short in the talent pool (it's just lonely me in the shallow end). I need to place an HTTP server behind a firewall, keep my named servers in a DMZ, and try to get mail to either a 'private' IP or just to a box behind a rugged, sniffing firewall.

I've read as many HOWTOs as I can find, and my setups still fail. I've got five static IPs. I've used two of them for the name servers (I know... I should co-locate a name server.) :rolleyes: The last time I attempted it I had a really funky routing problem that looked like it had potential as a totally unpredictable balancing firewall (i.e., useless).

jharris 07-25-2001 07:09 AM

I think it should be noted that this isn't going to be a business setup as far as I could gather from previous threads - just a home LAN...

cheers

Jamie...

dilberim82 07-25-2001 03:50 PM

Thanks everyone who replied!

I understand both of you, but as much as this is home use only, I think it would be a good idea to have as much security as I can... I am no expert on security, nor on anything related to it, but I think it would be good practice for me to do them on two different boxes... I don't want to break any eggs. OK, now I've decided to have a Linux box router, which services do you suggest for me to run on these? I was thinking of

P200, 3.2 GB, 64 MB = Router and name server
PII 450 10 GB 128 MB = Webserver, mailserver and ssh

Is that good or should i use another combination?

mcleodnine 07-25-2001 04:08 PM

Yep. Config looks good, but sshd on the firewall box would be handy as well. DENY port 22 on the 'public' interface if you don't need to manage it from the outside world.
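
Added example, not part of the original posts: one way to check that a rule set really blocks new SSH connections on the public interface while still allowing them from the LAN. It assumes the router's rules are available in `iptables-save` format (the thread does not name a firewall tool) and that `eth0` is the public interface and `eth1` the LAN; the sample rules are constructed.

```python
import shlex

# Constructed iptables-save excerpt (assumed: eth0 = public, eth1 = LAN).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j DROP
-A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT
COMMIT
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
KEYS = {"-i": "iface", "-p": "proto", "--dport": "dport", "-j": "target",
        "--state": "states", "--ctstate": "states"}

def parse_rule(line):
    """Turn one '-A INPUT ...' line into a dict; refuse matches we cannot model."""
    tokens = shlex.split(line)[2:]
    rule = dict.fromkeys(KEYS.values())
    i = 0
    while i < len(tokens):
        opt = tokens[i]
        if opt != "-m":  # '-m <module>' only names a module; its options follow
            if opt not in KEYS:
                # Source filters, negation, etc.: fail loudly instead of guessing.
                raise ValueError(f"unsupported match {opt!r} in: {line}")
            rule[KEYS[opt]] = tokens[i + 1]
        i += 2
    return rule

def new_ssh_verdict(ruleset, in_iface, port=22):
    """First-match verdict for a NEW inbound TCP connection to `port` on `in_iface`."""
    policy = "ACCEPT"  # kernel default when the chain policy is not declared
    for line in ruleset.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]
        elif line.startswith("-A INPUT "):
            r = parse_rule(line)
            if r["iface"] not in (None, in_iface):
                continue
            if r["proto"] not in (None, "tcp", "all"):
                continue
            if r["dport"] not in (None, str(port)):
                continue
            if r["states"] and "NEW" not in r["states"].split(","):
                continue  # ESTABLISHED/RELATED rules do not admit a new connection
            if r["target"] in TERMINAL:
                return r["target"]  # first terminal match wins, so order matters
    return policy
```

Because the evaluation is first-match, a blanket `--dport 22 -j ACCEPT` placed above the public-interface rule makes the verdict for `eth0` come back as `ACCEPT`, which is the ordering mistake this check is meant to catch.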

dilberim82 07-25-2001 04:52 PM

Thanks for replying, mcleodnine.
I do a lot of traveling and I have to update the contents of my website (if I can ever get it up and running)... + I am going to be hosting a website for my brother and he does not know anything about Linux... I am going to make a user account for him (obviously) and he can change contents from his computer.

nabil 07-25-2001 07:03 PM

So What is the problem here!

dilberim82 07-25-2001 07:56 PM

k
 
Nabil,
I got the DNS to work for the first time today :). Boy does it feel good :). But my bro bought another comp and he wants to use it to surf the net, and I bought another computer to use as a router :). I was just trying to figure out which services to run on which computers and I think the problem is solved.
And I owe a big thank you to you, Jamie, and Jeremy and everyone else who made this place possible for the newbies :).

nabil 07-26-2001 03:33 AM

Cool,
Good for you.
If you need a very simple solution for a router, then get SmoothWall. It is a Linux firewall and a router. It is easy; you can set it up in less than 10 minutes and have a working router with a firewall built in.

raz 07-26-2001 06:14 AM

I agree, you have to decide just how important network security is to you.
If you're a business then it means money and reputation when something goes wrong; if it's just a home LAN then it's just annoying and time consuming.

My job is to provide security for banks in London and this is how you would roughly do it. "without going into too much detail" :)

============
Big Bad internet
============
|
HTTP in
HTTPS in
|
------------------------
Bank's FW
------------------------
DNS,
WEB
VPN tunnel to 2nd FW


------------------------------------- new network --------------

=================
Other trusted bank site
=================
|
VPN/IPSEC/FWZ
|
|
--------------------------
Banks 2nd FW
---------------------------
|
|
|
|
SMTP
VPN tunnels (DMZ)
|
------------------------
Banks 3rd FW
------------------------
|
IDS
VPN tunnel servers (IDZ + stateful inspections)
|
-------------------------
Banks FW
-------------------------
|
PDC's & POP, DNS cached, etc
Corporate internal IP's -------> red lines to transaction servers
Database systems


This is just a rough diagram, but it shows you the topology needed; also, you don't put your public access sites anywhere near your private sites.
And you use the multihomed firewall method with passive IDS and stateful packet inspection, using Cisco PIX and FW1 boxes with Rainwall and other load balancing techniques.

/Raz

