On Thu, Mar 05, 1998 at 12:01:59PM +1059, Craig Sanders wrote:
> On Wed, 4 Mar 1998, Marcus Brinkmann wrote:
>
> If you can do it, i would suggest that you put the gateway/firewall on a
> separate box. scrounge up an old 386 or 486 (running debian, of course)
> if you have to.

Craig,

I have given this some thought. I have not yet read the relevant documentation, but I'll try to summarize a bit what was suggested by you and the others. The hardware list is now complete, thank you all for helping out.

I think the following would do good work:

machine 1) gateway/firewall
  spare machine, notably one ISDN card, one ethernet card.
  Software:
    ipppd (will call automagically)
    firewall
    all outer services (if any, like anonymous ftp, apache)
      (I'm not sure about this, because of security)
    ((squid))

machine 2) file and print server
  medium processor, lot of ram, lot of diskspace, medium graphic card, backup device
  one or more ethernet cards
  Software:
    Network server software (samba, mars whatever)
    backup software
    IP masquerading

machine 3) workstation
  good graphic card, enough ram, diskspace for software, one ethernet card
  Software:
    xdm, secure login
    quake and co ;)

All machines running debian 2.0

Probably it would be better to have another machine just for backup (with afbackup) in some completely different room.

If someone wants to comment on this, I would appreciate it.

> It's not a performance issue - a well configured debian box can easily
> handle all of those tasks - it's a security issue. the fewer services
> running on your firewall, the less likely it is that a newly discovered
> security hole can be exploited.

This leads to the question of whether outer services should run inside the network or on the gateway/firewall.

Thank you,
Marcus

-- 
"Rhubarb is no Egyptian god."   Debian GNU/Linux   finger brinkmd@
Marcus Brinkmann   http://www.debian.org   master.debian.org
[EMAIL PROTECTED]   for public PGP Key
http://homepage.ruhr-uni-bochum.de/Marcus.Brinkmann/   PGP Key ID 36E7CD09