[KLUG Members] Hey you...got a server suggestion?

members@kalamazoolinux.org members@kalamazoolinux.org
Fri, 22 Nov 2002 10:38:26 -0500


> Hi folks,

Howdy.

>I made the leap this week and signed up for DSL with
>seemingly the only provider able to bring it to my house.
>(JAS, for those that are wondering.) I went with a business
>package, which will allow me to run my own server.
>(pppphtphtpphtpht Charter...) Here are my intentions:
>- To VPN in from work or wherever.
>- To run my own mail server.
>- To run my own web server, where I plan to host at least
>two sites, possibly 3.
>I intend to have an IPCOP server with 3 NICs: red to the
>world, orange to a DMZ, green to the family network. A
>couple of questions:
>- Should the web and mail services be separated to two
>servers? If so, should they be in their own DMZs? 

I have a DMZ box port forward mail to the internal mail server.  MDAs are quite
secure these days when properly configured.

I don't trust web servers, especially ones that run things like PHP, so I'd toss
that out on the DMZ.

>- What, if any, modifications to sendmail should I consider
>to avoid being abused (open relay, etc.)? Is the default
>installation secure enough? (doubtful, that's why I'm
>asking). The ISP has issued me the stern warning that if
>spam originates from my server, they will shut it down
>without asking. Besides that, spam is the spawn of satan
>and is not welcome in this house.

I just submit myself to ORB periodically, to make sure I haven't mucked anything
up and become an Open Relay.  Then put your mailstore on a separate partition
and impose quotas.  Or deliver mail to Cyrus and let it do quotas and duplicate
message suppression.

>- With three interfaces, squid, VPN, and DMZ, what kind of
>beef should I consider for the IPCOP server? I currently
>have a P100, 16 MB, 1 GB HD and it works great. 

Does the VPN source from the IPCop box (can they do that?) or from the internal
network NATted over the IPCop box?  Encryption on a VPN can be a little heavy,
as can squid, but it depends on how much traffic.  You're actually running squid
on a 16 MB box?  Wow.

> I'm open to any other suggestions as well. It's one thing
> to maintain everything that has been passed to you from the
> previous network dude, but this is my home network now and
> I have the opportunity to build it right from the ground
> up. Thanks in advance for any suggestions!

I'd run squid internally on a real box, and not on IPCop, but that's just me.  I
like my firewalls to be firewalls, and nothing else.
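The open-relay self-check mentioned above (submitting your own server to a relay tester) can also be done locally against the MTA you administer. The following is an added example, not code from the original thread or from any of the posters: it speaks plain SMTP to your own server, offers an outside sender and an outside recipient, and reports whether the server refuses to relay. The host and address values are constructed placeholders, and the FakeSMTP class is a constructed stand-in for smtplib.SMTP so the check can be exercised offline.

```python
"""Self-test: does my own MTA relay mail for domains it is not responsible for?

Added example (not part of the original mailing-list thread). The session never
reaches DATA, so even an open relay queues nothing during the test.
"""
import smtplib

# Constructed placeholder values; replace with your own server and test addresses.
MY_MTA_HOST = "mail.example.invalid"
EXTERNAL_SENDER = "probe@sender.invalid"
EXTERNAL_RCPT = "probe@recipient.invalid"


def relay_verdict(mail_from_code, rcpt_to_code):
    """Interpret the SMTP reply codes from MAIL FROM and RCPT TO.

    Returns "open-relay" when an outside recipient was accepted, "closed" when
    the server refused with a permanent 5xx error, "tempfail" for a 4xx reply,
    and "unknown" when RCPT TO was never attempted and MAIL FROM was accepted.
    """
    if not 200 <= mail_from_code < 300:
        return "closed" if mail_from_code >= 500 else "tempfail"
    if rcpt_to_code is None:
        return "unknown"
    if 200 <= rcpt_to_code < 300:
        return "open-relay"
    return "closed" if rcpt_to_code >= 500 else "tempfail"


def check_relay(smtp, sender=EXTERNAL_SENDER, rcpt=EXTERNAL_RCPT):
    """Run the relay test over an smtplib.SMTP-like object and return a verdict.

    Only MAIL FROM and RCPT TO are sent; RSET then abandons the transaction.
    """
    code, _ = smtp.mail(sender)
    rcpt_code = None
    if 200 <= code < 300:
        rcpt_code, _ = smtp.rcpt(rcpt)
    smtp.rset()  # abandon the transaction; no DATA, so nothing is ever queued
    return relay_verdict(code, rcpt_code)


def check_live(host=MY_MTA_HOST, port=25):
    """Run the self-test against the server you administer (network required)."""
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        smtp.ehlo_or_helo_if_needed()
        return check_relay(smtp)


class FakeSMTP:
    """Constructed stand-in for smtplib.SMTP so the check runs offline.

    `relay_for` is the set of recipient domains the fake server accepts mail for,
    i.e. the domains a real MTA would list as local or in its relay list.
    """

    def __init__(self, relay_for):
        self.relay_for = set(relay_for)

    def mail(self, sender):
        return 250, b"2.1.0 Sender ok"

    def rcpt(self, rcpt):
        domain = rcpt.rsplit("@", 1)[-1]
        if domain in self.relay_for:
            return 250, b"2.1.5 Recipient ok"
        return 550, b"5.7.1 Relaying denied"

    def rset(self):
        return 250, b"2.0.0 Reset state"


if __name__ == "__main__":
    # A server that only accepts mail for its own domain refuses the outside recipient.
    print("properly configured:", check_relay(FakeSMTP({"home.invalid"})))
    # A server that accepts anything for anyone is an open relay.
    print("misconfigured:", check_relay(FakeSMTP({"home.invalid", "recipient.invalid"})))
```

Run `check_live()` from a host outside your own network (a relay test from the green network may be legitimately permitted), and expect "closed"; a "tempfail" usually means a greylisting or DNS-lookup delay rather than a verdict and is worth rerunning later.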