Hi Thakur,

This is not really Linux-related, but I'm answering anyway hoping the
sales pitch I give you will convince you to start using Linux in some
of the functions on your network.

Responses under:

>>>>> "Thakur" ==   <[EMAIL PROTECTED]> writes:

    Thakur> Dear Linux-India members, I know I would better have to
    Thakur> post this message to Network administrator. But since I
    Thakur> thought many of you also have this experience, I am asking
    Thakur> those questions to you. Actually those are the questions
    Thakur> someone in US is asking me to help.

    Thakur>   Please help me understand the following issues better in
    Thakur> detail as possible:
 
    Thakur> 1. We are going to be hooked up to T1 line Monday. ISP is
    Thakur> providing NETOPIA router. The router has built-in firewall
    Thakur> and DHCP server. Router will be connected to T1 and to
    Thakur> 24-Port 10/100 Switch from NetGear. One of the Ports from
    Thakur> the Switch will go to PDC (and eventually another port to
    Thakur> BDC) and other ports will be connected to several Windows
    Thakur> ME, Windows 98, and possibly Windows 95 workstations and
    Thakur> to some printers too. For now, we are using Windows NT as
    Thakur> network OS. My question is as we have firewall built-in in
    Thakur> the Netopia router do we need another firewall device? How
    Thakur> about having a Proxy Server? If I want have a Dual-NIC
    Thakur> card Proxy server, I understand one of the ports from the
    Thakur> NIC Card will be connected to Router and Another to
    Thakur> Switch. How important to have Proxy Server, when we have
    Thakur> built-in firewall in the Router?

Firewall: You don't need a separate firewall system if your router is
adequate.  See under database.

Proxy: It's useful to be able to provide a proxy for internal clients,
since a properly-configured proxy server can be used to (a) reduce
Internet traffic, (b) make browsing faster and (c) permit or deny
specific sites.  You could also implement Squid and Iptables on a
Linux system to use transparent proxy, which is easier to use than a
regular proxy (which can be bypassed by clients if they so desire).
It's not strictly necessary to have two NIC's in the proxy system: IP
aliases will do the job just as well.  Two NIC's are useful for
security, which you've already implemented at the router.
 
    Thakur> 2. Database Server: Database Server will be connected to
    Thakur> one of the Ports in the NetGear Switch. It will have an
    Thakur> assigned IP address. For now, the Database Server will
    Thakur> also host the IIS server. It should be the way you guys
    Thakur> have configured your server. Suppose I would like you guys
    Thakur> to be able to upload stuffs from there to my database cum
    Thakur> web server. Since the web server will be behind firewall,
    Thakur> will you guys be able to access the server from there if
    Thakur> you are authentic user of our domain? If so how is
    Thakur> firewall preventing outside user from accessing our
    Thakur> network?

If your router firewall permits user authentication you can use that
to tunnel through the firewall to the database/web server.  You could
also use SSH to tunnel through the firewall to the appropriate server,
which IMHO is a much more secure solution since it implements high
quality open source encryption and strong authentication.  SSH clients
are freely available for Winduhs systems too.
 
    Thakur> 3. Remember we had discussion there about splitting T1
    Thakur> line between US and another party who is sharing space
    Thakur> with us?  There will be no-split for so many reasons? One
    Thakur> of them is they will be using the internet only for e-mail
    Thakur> and web browsing and they have only about 6 users. But
    Thakur> still, we would like to be able to monitor their traffic
    Thakur> load to T1. Is there any smart way of doing this? Please
    Thakur> let me know.

Use your router, or throw in a Linux box on the network to do that.
You can monitor by IP, by protocol, by MAC address or by port.
 
    Thakur> 4. Secured Site: Mahato's white does not go far enough
    Thakur> explaining about Secured Site. You guys having remote
    Thakur> access to our web server from there, can you configure
    Thakur> secured site provided we purchase all required software?
    Thakur> Please perform a web research and let me know what do I
    Thakur> need to buy?
 
You need to buy a web browser and download Apache and mod_ssl from the
Internet for free.  Setting up a secure site with Apache is quite
trivial.  You may need to purchase a digital site certificate from one
of the many commercial certification companies -- I personally
wouldn't, but it can't hurt if you have some spare cash lying around.
 
    Thakur> I will keep on bugging you when I have more questions.
 
    Thakur> Thank you, Thakur Gyawali HealthNet Nepal

Regards,

-- Raju
-- 
Raju Mathur          [EMAIL PROTECTED]           http://kandalaya.org/

----------------------------------------------
The mailing list archives are available at
http://lists.linux-india.org/cgi-bin/wilma/linux-india-help
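
The reply to question 3 suggests a Linux box that monitors traffic by IP. The following is an added example, not part of the original mail, of one way to do that with iptables byte counters. It assumes the Linux box forwards the LAN's traffic; the chain name ACCT, the function names and the 192.0.2.x addresses are placeholders, and the counter listing is constructed sample data.

```shell
#!/bin/sh
# Added example: per-host traffic accounting with iptables byte counters.
# Assumptions: the Linux box forwards the LAN's traffic; the chain name ACCT
# and the 192.0.2.x addresses are placeholders, not values from the mail.

# Print the commands that create one counting rule pair per monitored host.
# A rule with no -j target only counts packets and bytes; it filters nothing.
acct_rules() {
    echo "iptables -N ACCT"
    echo "iptables -I FORWARD -j ACCT"
    for ip in "$@"; do
        echo "iptables -A ACCT -s $ip"    # traffic sent by the host
        echo "iptables -A ACCT -d $ip"    # traffic delivered to the host
    done
}

# Read `iptables -L ACCT -v -n -x` output on stdin and print one line per
# host: "address bytes_sent bytes_received", heaviest receiver first.
acct_report() {
    awk -v any="0.0.0.0/0" '
        $1 ~ /^[0-9]+$/ {                 # counter rows start with a packet count
            src = $(NF-1); dst = $NF
            if (src != any) { sent[src] += $2; seen[src] = 1 }
            if (dst != any) { rcvd[dst] += $2; seen[dst] = 1 }
        }
        END { for (h in seen) printf "%s %.0f %.0f\n", h, sent[h], rcvd[h] }
    ' | sort -k3,3nr
}

# Constructed sample of the counter listing (not captured from a real network).
sample_counters() {
    cat <<'EOF'
Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     120      45000            all  --  *      *       192.0.2.10           0.0.0.0/0
     200     910000            all  --  *      *       0.0.0.0/0            192.0.2.10
      15       1200            all  --  *      *       192.0.2.11           0.0.0.0/0
      40      30500            all  --  *      *       0.0.0.0/0            192.0.2.11
EOF
}

sample_counters | acct_report
```

On a live system the report would read `iptables -L ACCT -v -n -x` instead of the sample; `-x` matters because it prints exact byte counts rather than rounded K/M values.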
