LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-15-2007, 05:16 AM   #1
andy.l
Member
 
Registered: Feb 2007
Location: Scandinavia
Distribution: Centos/Redhat
Posts: 97

Rep: Reputation: 15
Location of public server


Hi

So, I'm about to set up a new public internet server on my homenetwork, hosting the normal services such as mail, http and probably a ftp server. All primarely for my own benefit. Now the big question is where to put this server. In corporate networks this kind of machines are always placed in the corporate dmz, but what is the norm for home users? Directly in the LAN, and only opening ports in the firewall for external access, or a dmz, with open ports for both LAN and WAN?

/A
 
Old 04-15-2007, 05:41 AM   #2
rocket357
Member
 
Registered: Mar 2007
Location: 127.0.0.1
Distribution: OpenBSD-CURRENT
Posts: 485
Blog Entries: 187

Rep: Reputation: 74
Where you place it really depends on what all you intend to do with it and what your security requirements are. You can set up a reasonably secure ftp/http server, but the one that would concern me is the mail server. I *personally* would prefer to split the tasks up (put http and ftp on one machine and mail on a different machine), but that's really up to you.

How secure you need the machine to be will dictate where to place it. You can go as simple as setting the machine directly on your LAN with portforwarding to allow access, or you can set up a proxy relay between packet filters to manage access to the server. A reasonably simple setup with a proxy would be to place an IpCop machine (with whatever proxy add-ons you need, such as Adv. Proxy) between two OpenBSD packet filters (IpCop functions as a firewall as well, so you can technically use it standalone, if desired). IpCop has four "networks" built into it's design...red (internet or WAN), green (local or LAN), orange (DMZ) and purple (wireless). This way you can divide your LAN up so the "orange" interface (which houses your server) can't directly access your "green" interface (which houses your desktop/workstations), but machines on the "green" interface can access the server. It's overkill for home use, but it'd be more secure than simply setting the machine up on your LAN and calling it a day.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Making server public Stryker Linux - Server 39 01-20-2007 07:41 PM
Mail Server public IP problem crackerB Linux - Software 1 09-28-2006 02:52 PM
VPN Server: need help setting up a public server accessible by win xp clients hamish Linux - Networking 6 09-20-2006 02:39 AM
Where is the logging of the Public File Server? barghota Mandriva 2 07-15-2005 11:27 AM
Server not responding on public IP MS3FGX Linux - Networking 4 07-02-2004 04:16 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:41 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration