Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
12-22-2005, 05:06 AM
|
#1
|
|
LQ Newbie
Registered: Nov 2005
Posts: 7
Rep: 
|
network topology suggestions
Hi!
I would like to install a linux web/mail server.
I am currently running:
<Internet>
|
|
[ADSL router]
|
|
[Managed switch]
|
|
<internal network>
My questions is where to put it (the server)? I was thinking in a separate segment from the router. Is this a safe configuration? Would could it be improved?
I saw a great document that talked about several topologies and vulnerabilities, i think it mentioned IPCOP and SME Server, and the troubles of running all the services in one macchine. Got it from a link that, i think, was here in the foruns, but now i can't find it. If someone knows this document please post it here.
Any suggestions are welcome.
Thank you.
|
|
|
|
|
12-22-2005, 05:33 AM
|
#2
|
|
Member
Registered: Mar 2005
Location: Wales, UK
Distribution: Gentoo, Debian, Ubuntu
Posts: 60
Rep: 
|
I have put my server behind the router, on the same network as the rest. This way, it is easy to access from the network. Also, you have the advantage of it being behind a firewall. The disadvantage is that, for each port you want to serve, you are going to have to set up port forwarding from the router to your server.
I find this works very well for me.
Rhys
|
|
|
|
|
12-22-2005, 08:11 AM
|
#3
|
|
Member
Registered: Dec 2005
Distribution: Slackware 10.2 - bare.i, Slackware 10.1 - scsi.s, Slackware 9.1 - bare.i
Posts: 47
Rep:
|
Configure IPTables on your server and if the other systems are Windows, put a personal firewall on each one of them. I use ZoneAlarm Pro on my Windows machines. It does a nice job with a firewall, virus detection, pop-up blocker, etc.
Also, do some hardening. That is, remove all processes, applications, etc. on the server that you do not intend to use.
If you have only 6 or so systems, creating DMZs is not very practical, expecially if a DMZ port is not built into your router or firewall.
Finally, think twice about what sites you go to and what emails you open and respond to. Think three times about what mail attachments you open.
|
|
|
|
|
12-22-2005, 11:22 AM
|
#4
|
|
LQ Newbie
Registered: Nov 2005
Posts: 7
Original Poster
Rep:
|
I was consedering adding an IPCOP firewall. Separate the to segments green and orange (DMZ), I just don't know if it would require significant changes in clients or existing infrastructure?
Because the www/mail server is priority then will be moving to some other services (NAS, LDAP; DHCP and probably a SIP Proxy) so i would like to get me a "smart" topology.
Plus i really want to get my hands on that document i talked about  . |
|
|
|
All times are GMT -5. The time now is 12:47 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
