Hi all,
I'm setting up a very simple network which currently has a
single linux box acting as the gateway between the LAN and
internet, with everything running on it. I'm planning to
put another system between it and the router for security,
and was wondering if anyone has any comments on how I could
do it better. I've only got two systems to work with for now,
however. In the future I hope to put a non-linux box between
the two, to mix up the OS vulnerabilities.
Basically I'm keeping all the main services on the 0.2 system,
and using NAT to route everything through the gateway 0.1 to
apache on 0.2. I have two specific questions:
1) I figure running DNS (BIND) inside the LAN is safer, since
I can use NAT to route everything to the DNS server. Does that
make sense?
2) Running qmail on 0.1 can help filter out bogus emails and
lessen the load on 0.2, where all the email will actually be
kept. I've never used qmail before (I've used sendmail), but
I imagine it can do this.
Anyway, if anyone has any comments or suggestions I'd certainly
appreciate them.
Thanks!
Code:
 ----------------------
 |        LAN         |
 ----------------------
           |
           |
 ----------------------
 | firewall           |
 | DHCP server        |
 | DNS                |
 | qmail              |
 | apache             |
 | 192.168.0.2        |
 ----------------------
           |
           |
 -----------------------------
 | firewall: uses NAT to     |
 | send packets to apache    |
 | qmail: just filtering     |
 | NIC #1: 192.168.0.1 to LAN|
 | NIC #2: 4.5.6.7 to router |
 -----------------------------
           |
           |
 -----------------------
 |       router        |
 -----------------------
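The gateway half of the layout above (NAT to apache on 0.2, qmail terminating SMTP on 0.1, everything else dropped) written as an iptables-restore ruleset. This is an added example, not code from the original post or its author; it assumes eth1 is NIC #2 (4.5.6.7, router side), eth0 is NIC #1 (192.168.0.1, LAN side), the LAN is 192.168.0.0/24, and that administration happens over SSH from the LAN only.

```shell
#!/bin/sh
# Added example (not from the original post): iptables-restore ruleset for
# the gateway box. Interface names and the LAN subnet are assumptions.
WAN_IF=eth1          # NIC #2, 4.5.6.7, towards the router (assumed name)
LAN_IF=eth0          # NIC #1, 192.168.0.1, towards the LAN (assumed name)
LAN_NET=192.168.0.0/24
INSIDE=192.168.0.2   # the box running apache, DNS, DHCP and the mailstore
# Print the full ruleset. Only TCP/80 is forwarded to the inside host;
# SMTP terminates on the gateway so qmail can filter before relaying.
gen_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# DNAT only the web port to apache on $INSIDE
-A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $INSIDE:80
# Hide LAN addresses behind the public IP for outbound traffic
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source 4.5.6.7
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SMTP from anywhere: qmail on this box filters, then relays to $INSIDE
-A INPUT -p tcp --dport 25 -j ACCEPT
# Administration only from the LAN side
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only the DNAT'd web traffic may enter the LAN from the router side
-A FORWARD -i $WAN_IF -o $LAN_IF -d $INSIDE -p tcp --dport 80 -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}
# Count rules that let new traffic from the router side into the LAN;
# the design intends exactly one (the web DNAT).
count_inbound_forwards() {
    gen_ruleset | grep -c -- "-A FORWARD -i $WAN_IF -o $LAN_IF"
}
# Load atomically when run as root with --apply, otherwise just show it.
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" -eq 0 ]; then
    gen_ruleset | iptables-restore
else
    gen_ruleset
fi
```

Review the printed ruleset with `sh gateway.sh` before loading it with `--apply`; the default-DROP policies mean a typo in an interface name locks the LAN out rather than opening it up.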