RH9

bytebrowser · 09-07-2004, 08:40 PM

Hi

I am in the process of reconstructing the business' network. We have installed a Small Business Server 2000 that controls the domain and runs exchange.

I would like to setup a RH9 (or any other suggestion) box to protect the domain from nasty things on the internet. I figured that this is what a gateway and proxy would be best for.

The box that I have to use is an old PII with 3 SCSI HDD in it. It has two NICS and is ready to go.

The router is connected to the WWW via ADSL. Apart from supplying internet, it port forwards port 80 to the 2000 Server to run the exchange web access.

I would also like to look into software VPNs as well.

My RH experience is limited, but i will have a go at anything. I work in console, so giving me some directions as to where to go with a GUI setup does not really help me

Thanks

Pete

odious1 · 09-07-2004, 09:16 PM

Well I would use iptables for packet filtering and SNAT. This could also handle the DNAT for the webserver. There are a number of scripts out there that work pretty well out of the box if you don't want to write your own rules. Arno's is probably my favorite. Hope this helps.

bytebrowser · 09-08-2004, 08:06 PM

Thanks.

I have been made aware also of using Squid for the proxy. This this a good module or are there better ones other there?

A computer expert also suggested the idea of an IMAP server as apose to running POP3 to the clients. Does anyone know of any good modules for IMAP? Is IAMP a good way go?

Pete

odious1 · 09-10-2004, 10:28 PM

squirrelmail uses php, imap and plays real well with apache

maxut · 09-11-2004, 05:07 AM

squid with iptables is better than m$ proxy or ISA. if your client will access internet via your linux. u can use squid. it is up to u to use squid as tansparent.
if u prefer squid, i advice u to install also squidguard. it blocks most of addware porn warez... etc sites.
www.squidguard.org

anotherway u can prefer firewall distros such as redwall, smoothwall. they are desinged for firewalling. also they support VPN. redhat doesnt have any VPN service by the default. if u go on with redhat, u must install that kind of softwares and work on firewalling. probably u will want an IDS too, so u must install it too.

bytebrowser · 09-12-2004, 08:16 PM

thanks

i have installed squid and have had a steep learning curve just to get the thing going.

odious1, i had ISA installed and just found it to be too resource hungary. That is why i have gone to squid and iptables.

ATM i am having trouble getting the proxy to connect to the internet. I am using a router that is connected to the www via adsl. Eth1 goes to the router and Eth0 connects to the LAN. I went static on the Eth0 but used DHCP from the router for the proxy. Any commands that I can type into console to check the internet connection is present?

odious1 · 09-12-2004, 10:20 PM

Of course ifconfig will show you the status of both cards. You should be able to ping the internal address of your router from the proxy. Your router will have to be configured to act as a gateway; most do by default but it is something to check. You also need to look at the routing tables on the proxy machine. The address of the router should be listed as the default gw. If not add it by >>>route add default gw [addres of router]. Of course you will want to check connectivity using only ip addresses until that is working so misconfigured dns doesn't mislead you.

cool