Hi Thakur,
This is not really Linux-related, but I'm answering anyway hoping the
sales pitch I give you will convince you to start using Linux in some
of the functions on your network.
Responses under:
>>>>> "Thakur" == <[EMAIL PROTECTED]> writes:
Thakur> Dear Linux-India members, I know I would better have to
Thakur> post this message to Network administrator. But since I
Thakur> thoufht many of you also have this experience, I am asking
Thakur> those questions to you. Actually those are the questions
Thakur> someone in US is asking me to help.
Thakur> Please help me understand the following issues better in
Thakur> detail as possible:
Thakur> 1. We are going to be hooked up to T1 line Monday. ISP is
Thakur> providing NETOPIA router. Tha router has built-in firewall
Thakur> and DHCP server. Router will be connected to T1 and to
Thakur> 24-Port 10/100 Swtich from NetGear. One of the Ports from
Thakur> the Switch will go to PDC (and eventually another port to
Thakur> BDC) and other ports will be connected to several Windows
Thakur> ME, Windows 98, and possibly Windows 95 workstations and
Thakur> to some pronters too. For now, we are uisng Windows NT as
Thakur> network OS. My question is as we have firewall built-in in
Thakur> the Netopia router do we need another firewall device? How
Thakur> about having a Proxy Server? If I want have a Dual-NIC
Thakur> card Proxy server, I undersrand one of the ports from the
Thakur> NIC Card will be connected to Router and Another to
Thakur> Switch. How important to have Proxy Server, when we have
Thakur> built-in firewall in the Router?
Firewall: You don't need a seperate firewall system if your router is
adequate. See under database.
Proxy: It's useful to be able to provide a proxy for internal clients,
since a properly-configured proxy server can be userd to (a) reduce
Internet traffic, (b) make browsing faster and (c) permit or deny
specific sites. You could also implement Squid and Iptables on a
Linux system to use transparent proxy, which is easier to use than a
regular proxy (which can be bypassed by clients if they so desire).
It's not strictly necessary to have two NIC's in the proxy system: IP
aliases will do the job just as well. Two NIC's are useful for
security, which you've already implemented at the router.
Thakur> 2. Database Server: Database Server will be connected to
Thakur> one of the Ports in the NetGear Switch. It will have an
Thakur> assigned IP address. For now, the Database Server will
Thakur> also host the IIS server. It should be the way you huys
Thakur> have configured your server. Suppose I would like you guys
Thakur> to be able to upload stuffs from there to my database cum
Thakur> web server. Since the web server will be behind firewall,
Thakur> will you guys be able to access the server from there if
Thakur> you are authentic user of our domain? If so how is
Thakur> firewall preventing outside user from accessing ourr
Thakur> network?
If your router firewall permits user authentication you can use that
to tunnel through the firewall to the database/web server. You could
also use SSH to tunnel through the firewall to the appropriate server,
which IMHO is a much more secur solution since it implements high
quality open source encryption and strong authentication. SSH clients
are freely available for Winduhs systems too.
Thakur> 3. Remember we had discussion there about spilitting T1
Thakur> line between US and another party who is sharing space
Thakur> with us? There will be no-split for so many reasons? One
Thakur> of them is they will be using the internet only for e-mail
Thakur> and web browsing and they have only about 6 users. But
Thakur> still, we would like to be able to monitor their traffic
Thakur> load to T1. Is there any smart way of doing this? Please
Thakur> let me know.
Use your router, or throw in a Linux box on the network to do that.
You can monitor by IP, by protocol, by MAC address or by port.
Thakur> 4. Secured Site: Mahato's white does not go far enough
Thakur> explaining about Secured Site. You guys having remote
Thakur> access to our web server from there, can you configure
Thakur> secured site provided we purchase all required software?
Thakur> Please perform a web research and let me know what do I
Thakur> need to buy?
You need to buy a web browser and download Apache and mod_ssl from the
Internet for free. Setting up a secure site with Apache is quite
trivial. You may need to purchase a digital site certificate from one
of the many commercial certification companies -- I personally
wouldn't, but it can't hurt if you have some spare cash lying around.
Thakur> I will keep on bugging you when I have more questions.
Thakur> Thank you, Thakur Gyawali HealthNet Nepal
Regards,
-- Raju
--
Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/
----------------------------------------------
The mailing list archives are available at
http://lists.linux-india.org/cgi-bin/wilma/linux-india-help
