Hi, I would like to host several low traffic web sites at my home with some older computers (400 Mhz P2) that I have laying around. I would like to get some recommendations on effective ways of setting up my set of computers that would provide a web server, and email server and back up servers.
A big reason for doing this is to learn about more what all is involved and don't mind digging into details but would like to ensure that I reasonably aware of what I am getting into and potential pitfalls and security issues. I have a static IP with an IPCOP firewall (with 3 NICs), and a internal LAN with several machines running debian behind the firewall. Nothing is hanging off my DMZ right now. I block everything coming into my firewall except ssh traffic. These web sites would be publically accessible with low traffic volumes. In addition, I forsee email hosting for each of the domains. I would not have that many email accounts (not more than 10-20). I figured that exim with the ability to do multiple hosting would suffice. I would probably set up a couple of mailing lists as well using something like mailman. I would like to set up my email server with imap, and pop cabilities for both the publically accessible domains and my own personal email access. I would like to have a couple of machines set up in my LAN that would be able to provide two levelsof backups for my configurations, both internal LAN backups and DMZ level backups (web server and email server). Initially, I was thinking that I would put two machines in my DMZ zone, one acting as a web server and one acting as an email server. My two backup machines would be in my LAN along with my fileserver and another development machine. Regarding server security (email and web server), I have the following questions? 1. Because the machines are slow, would it be better to have the two machines do some sort of load balancing or would it be better to have a separation of responsibilities? 2. Would it be better (security wise) to have my email server located in my LAN and not in my DMZ zone and just tunnel port 25 traffic through? 3. I know nothing about DNS, and figured that I would let someone like no-ip.com provide this service for me. Or would it be fairly straightforward to do my own DNS hosting and combine two of my machines for doing primary and secondary DNS with other responsibilities, i.e. email/DNS on one machine, DNS/web server on another? Is it possible to have my DNS machines inside my LAN, or is it necessary to have both primary and secondary DNS machines in my DMZ for better security. 4. For imap and pop stuff can the imap server be inside my LAN and access be tunneled through as needed. 5. Should any server, i.e. mail, imap,pop, web be located in the DMZ zone so if they are hacked, my internal LAN machines are safer? 6. Are there some suggested or best practices for having my machines in the DMZ access my back up servers? Thanks, John -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
