Setting up this way a good or bad idea?
I am building a box that I want as a storage server for all my files. Then I had the idea of using it as a web server and also network monitor/firewall. I have seen a system running IPcop and what was explained to me at the time seemed really like nice security features. What do you guys think about running SAMBA, Apache, on a system also running IPcop? This is only a maybe. I have an old system I will try IPcop on first as a stand-alone, and the server will just be SAMBA and Apache.
Thanks, Kyle |
You can run as many services as you want on a firewall machine (IPCop in your case) if the data is not at all important for you.
A firewall machine acts as a landing point to any LAN to secure the corporate data. In your case, if you block ports and unauthorised access with proper tcp-wrappers, PAM, iptables, it can act very well for all your purposes. Thank you, mahen |
My preference is to run a dedicated firewall / router like IPCop as a separate system. I just think it makes more sense this way.
|
There are no issues running an all-in-one type of machine instead of running multiple machines to do one task. It's your setup, do as you wish that suits you best. Now in a corporate world, running a file server on your firewall with a lot of traffic just wouldn't make sense really.
|
Just watch your load average and response time. That will tell you if you've overloaded the server. (uptime / top / or sar all will show you load average. The default sar setup on many systems will collect load average stats every 10 minutes, so you can see how it is performing for the entire day.) |
Thanks for all the advice, I personally worried about compromises having other things running on the box besides a firewall. It's just more opportunities to have a glitch somewhere. I have an old 366 (oc 450MHz) Cele with 576MB and 20 GB drive. I think I will use that solely for a firewall then have my file server on my switch.
Thanks, Kyle |
I think you're doing the right thing, & it's not just loading, it's also security. The idea is that the fewer services running & applications installed, the fewer places for bad guys to infiltrate. SmoothWall Express (the original parent of IPCop) doesn't even install man & the man pages -- just 1 less thing to patch.
IPCop is designed to have a 3rd NIC, the "Orange" interface, to put your server on in a DMZ. You also put it on your LAN & port forward to it. |
Smoothwall provides licensed & open source versions of their firewall; see
http://download.smoothwall.net/pdf/F...Comparison.pdf for features. IPCop is totally open source with many 3rd party addons which sometimes break when an IPCop update is released, which is why I usually let the dust settle before updating my sites. Your proposed box specs sound fine for either (ignore any comments you might see about running on 486 boxes with 32Mb memory). I run BLUE, ORANGE and GREEN on my IPCops with OpenVPN net to net linking them all - works great with very little maintenance required. |
Thank you for the explanations. I did know that much about smoothwall just heard its name before. That is also something good to know that sometimes addons in IPcop bomb out with new updates. I guess I will learn as I set it up, should not be too difficult.
Thanks again, Kyle |
My Background
I have been using SmoothWall Express (=free) 2.0 for 4 or 5 years. Although there are community add-ons, I made a KISS & security policy not to mess w/ them. The only thing I edit is dnsmasq.conf, & that only to block undesirable domains like ad sources.

I have a test SmoothWall Express (=free) 3.0 up, but run only 1 box through it. I like its installer & web interface better (than 2.0), & I will very much like the new features in dnsmasq.conf syntax that come w/ the newer ver. of dnsmasq that is included. They have changed the color code for wireless to Purple (see chart below). Normally, I would complain that that is confusing; but in this case, I always thought that Blue sounds too "trusted" for wireless.

I have done test installs of IPCop, but I haven't really used it yet. When I said that SmoothWall is "the original parent of IPCop", I used the word "original" because since the fork some years ago, I understand they have replaced all the original SmoothWall code -- it is now based on LFS.

Some Differences
IIRC, I have a picky complaint about the way the IPCop installer deals w/ choosing the interfaces, but that is minor. SmoothWall 3's limited outbound traffic control is intriguing. IPCop is Open Source, indeed GPL 2. IPCop's add-ons (to me) are part of the main project.

Conclusion
I don't have enough experience yet w/ IPCop to pick between them.

Wikipedia links: IPCop, SmoothWall

Firewall Interface Color Code Chart
Interface | IPCop & SW2 | SmoothWall 3

BTW, mickza, thanks for the link. |