LinuxQuestions.org


lifeforce4 06-04-2008 09:46 PM

Setting up this way a good or bad idea?
 
I am building a box that I want as a storage server for all my files. Then I had the idea of using it as a web server and also a network monitor/firewall. I have seen a system running IPCop, and what was explained to me at the time seemed like really nice security features. What do you guys think about running SAMBA and Apache on a system also running IPCop? This is only a maybe; I have an old system I will try IPCop on first as a standalone, and the server will just be SAMBA and Apache.

Thanks,
Kyle

nolinuxnollife 06-05-2008 12:38 AM

You can run as many services as you want on a firewall machine (IPCop in your case) if the data is not at all important for you.
A firewall machine acts as a landing point to any LAN to secure the corporate data.

In your case, if you block ports and unauthorised access with proper tcp-wrappers, PAM, iptables, it can act very well for all your purposes.

thank you
mahen

lifeforce4 06-05-2008 07:41 AM

Quote:

Originally Posted by nolinuxnollife (Post 3175169)
You can run as many services as you want on a firewall machine (IPCop in your case) if the data is not at all important for you.
A firewall machine acts as a landing point to any LAN to secure the corporate data.

In your case, if you block ports and unauthorised access with proper tcp-wrappers, PAM, iptables, it can act very well for all your purposes.

thank you
mahen

I never really heard of anyone putting data on a firewall machine before which is why I asked. Would it be just as secure as if the firewall was its own box and the data server is connected by a switch? Assuming the firewall is configured the same for both setups.

Thanks,
Kyle

mickza 06-05-2008 08:10 AM

My preference is to run a dedicated firewall / router like IPCop as a separate system. I just think it makes more sense this way.

trickykid 06-05-2008 08:49 AM

There are no issues running an all-in-one type of machine instead of running multiple machines to do one task. It's your setup, do as you wish that suits you best. Now in a corporate world, running a file server on your firewall with a lot of traffic just wouldn't make sense really.

DotHQ 06-05-2008 08:56 AM

Quote:

Originally Posted by trickykid (Post 3175549)
There are no issues running an all-in-one type of machine instead of running multiple machines to do one task. It's your setup, do as you wish that suits you best. Now in a corporate world, running a file server on your firewall with a lot of traffic just wouldn't make sense really.

Ditto what TK said.
Just watch your load average and response time. That will tell you if you've overloaded the server.
(uptime / top / or sar all will show you load average. The default sar setup on many systems will collect load average stats every 10 minutes, so you can see how it is performing for the entire day.)

lifeforce4 06-05-2008 08:34 PM

Thanks for all the advice. I personally worried about compromises having other things running on the box besides a firewall. It's just more opportunities to have a glitch somewhere. I have an old 366(oc 450mhz) Cele with 576MB and 20 GB drive. I think I will use that solely for a firewall then have my file server on my switch.

Thanks,
Kyle

archtoad6 06-08-2008 03:24 PM

I think you're doing the right thing, & it's not just loading, it's also security. The idea is that the fewer services running & applications installed, the fewer places for bad guys to infiltrate. SmoothWall Express (the original parent of IPCop) doesn't even install man & the man pages -- just 1 less thing to patch.

IPCop is designed to have a 3rd NIC, the "Orange" interface, to put your server on in a DMZ. You also put it on your LAN & port forward to it.
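
Added example, not part of any post in this thread: a small check for the "fewer services, fewer places to infiltrate" point, listing listeners reachable from the network that are not on an allowlist. The function name, the allowlist and the sample socket list are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: list network-reachable listeners that are not on an allowlist.
# Input on stdin: output of `ss -H -tuln` (no header, one socket per line).
# $1: space-separated allowlist of proto/port pairs (assumption: set per box).
# Live use: ss -H -tuln | unexpected_listeners "tcp/22"

unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 5 {
            laddr = $5
            port = laddr
            sub(/^.*:/, "", port)      # keep only the text after the last colon
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            # Loopback-only sockets are not reachable from other hosts.
            if (addr ~ /^127\./ || addr == "[::1]") next
            key = $1 "/" port
            if (key in ok) next
            # Report each proto/port + bind address pair once.
            if (!((key, addr) in seen)) { seen[key, addr] = 1; print key, addr }
        }'
}

# Constructed sample: an all-in-one box like the one first proposed in the
# thread (SSH, Apache, Samba, plus a loopback-only mail listener).
sample_ss_output() {
    cat <<'EOF'
tcp   LISTEN 0      128    0.0.0.0:22       0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:80       0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:139      0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:445      0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:137      0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:25     0.0.0.0:*
tcp   LISTEN 0      128    [::]:22          [::]:*
EOF
}

# Policy for a dedicated firewall: only SSH for administration (assumption).
sample_ss_output | unexpected_listeners "tcp/22"
```

Every line printed is a service that would have to be patched and filtered on the firewall itself; an empty result means the box exposes only what the allowlist names.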

lifeforce4 06-08-2008 08:47 PM

Quote:

Originally Posted by archtoad6 (Post 3178555)
I think you're doing the right thing, & it's not just loading, it's also security. The idea is that the fewer services running & applications installed, the fewer places for bad guys to infiltrate. SmoothWall Express (the original parent of IPCop) doesn't even install man & the man pages -- just 1 less thing to patch.

IPCop is designed to have a 3rd NIC, the "Orange" interface, to put your server on in a DMZ. You also put it on your LAN & port forward to it.

Oh, so IPCop is a child of Smoothwall; I did not know that. I knew about Smoothwall (never saw or used it) and never heard of IPCop until I came back from South Africa. Which do you recommend would be better? I most likely will use NAT for the server and the PAT to the different computers with my router and switch. This server would be a website server as well as LAN file server. That is kinda nice to have a separate NIC for a DMZ. Which one would you recommend, since I don't really know the differences between the two?

Thanks,
Kyle

mickza 06-09-2008 02:13 AM

Smoothwall provides licensed & open source versions of their firewall; see http://download.smoothwall.net/pdf/F...Comparison.pdf for features.

IPCop is totally open source with many 3rd party addons, which sometimes break when an IPCop update is released, which is why I usually let the dust settle before updating my sites.

Your proposed box specs sound fine for either (ignore any comments you might see about running on 486 boxes with 32Mb memory).

I run BLUE, ORANGE and GREEN on my IPCops with OpenVPN net to net linking them all - works great with very little maintenance required.

lifeforce4 06-09-2008 05:48 AM

Thank you for the explanations. I did know that much about smoothwall just heard its name before. That is also something good to know, that sometimes addons in IPCop bomb out with new updates. I guess I will learn as I set it up; it should not be too difficult.

Thanks again,
Kyle

archtoad6 06-09-2008 07:06 AM

My Background
I have been using SmoothWall Express (=free) 2.0 for 4 or 5 years. Although there are community add-ons, I made a KISS & security policy not to mess w/ them. The only thing I edit is dnsmasq.conf, & that only to block undesirable domains like ad sources.

I have a test SmoothWall Express (=free) 3.0 up, but run only 1 box through it. I like its installer & web interface better (than 2.0), & I will very much like the new features in dnsmasq.conf syntax that come w/ the newer ver. of dnsmasq that is included. They have changed the color code for wireless to Purple (see chart below). Normally, I would complain that that is confusing; but in this case, I always thought that Blue sounds too "trusted" for wireless.

I have done test installs of IPCop, but I haven't really used it yet.

When I said that SmoothWall is "the original parent of IPCop", I used the word "original" because since the fork some years ago, I understand they have replaced all the original SmoothWall code -- it is now based on LFS.

Some Differences
IIRC, I have a picky complaint about the way the IPCop installer deals w/ choosing the interfaces, but that is minor.
SmoothWall 3's limited outbound traffic control is intriguing.
IPCop is Open Source, indeed GPL 2.
IPCop's add-ons (to me) are part of the main project.

Conclusion
I don't have enough experience yet w/ IPCop to pick between them.

Wikipedia links
IPCop
SmoothWall

Firewall Interface Color Code Chart
Code:

Interface      IPCop & SW2  SmoothWall 3
LAN (wired)    Green        Green
DMZ            Orange       Orange
Internet       Red          Red
Wireless       Blue         Purple


BTW, mickza, thanks for the link.


All times are GMT -5.