How should server software be separated across servers?
 

I'm planning on setting up a pair of dual proc P3's for hobby home servers. I'm probably going to use CentOS-5, unless someone else has a better distro and a valid argument for it. My question is, how should I split up the the server software across the two? I know that some apps shouldn't be running on the same server for security reasons. I have a list of intended uses for them and potential software to accomplish these goals:

* Web server (apache-2.2/php5/perl5/python/tomcat)
* FTP server (vsftpd)
* DNS server (bind)
* Proxy cache (Squid/dansguardian)
* NFS/CIFS share
* print server (cups)
* SQL server (mysql/postgresql)
* Mail server (dovecot/postfix/spamassasin/clamav/squirrelmail)
* router (isc-dhcp/iproute)

I probably have more, just can't think of them at the moment... I can also put together a couple more servers from two other boards if more are needed.

Without knowing more detail, its tricky, but assuming(!) you'll want web users to be able to use ftp uploads and its DB backed, I'd go with an 'App Server' : Apache/MySQL/vsftpd and and 'Admin Server' ie everything else.
The unknown there is what you want the NFS and/or CIFS for...

No firewall then :confused: Or do you perhaps have a firewall external to these two boxes?

The firewall (to the external world, assuming that you have some higher level of trust of internal users than of the big bad internet and its denizens) is the app for which the strongest security case can be made that it should have a box to itself (I don't belive that is true, for ever and for always, but that's another matter).

After that, you have to consider processor load and memory usage. Difficult to say much about that without some knowledge of your usage.

NFS/CIFS was to be for a file server, so I could share files across the network. Depending on whether I need Windows compatibility will determine which protocol. As for the firewall question, I was going to set them both up with their own firewalls that will let in access to the services that are running on each one, but only to my own private Intranet.
Their main usage is going to be primarily SOHO servers and a way for me to be able to SSH home with my notebook/laptop to access all my computers.

Are you saying that the only 'Net access to either one of them will be from your own laptop?

For a firewall/gateway/router have you considered SmoothWall Express, IPCop, or equivalent? (Each needs its own box, but you only need one of them. :) )