Hello Dave,

Wednesday, February 19, 2003, 6:58:31 AM, you wrote:

Dave> Hello,
Dave> I run a 3.2-stable server under my sofa at home. It's under there so my
Dave> daughter can't pull the wires out!
Dave> anyway...
Dave> My question is how stupid is it to run DNS(tinydns),Mail(qmail) + my home
Dave> firewall/router ( NAT + pf ) on the same machine??

The choice of software is excellent. You can use vpopmail to really ease the account maintenance problem. I don't like to run DNS off my machine for the reasons I've already posted (it's a hassle and it's more expensive than subcontracting).

Dave> I also allow in SSH, WWW but only from my work IP address, so that shouldn't
Dave> affect things & POP but only from internal hosts.

Do you know how easy it is to spoof IPs? I've never used IPs for accepting some connection. For SSH a good password or an RSA signature should be enough. For HTTP, if you use Apache, you can allow only HTTPS and add a clause that needs client authentication through either password, x509 certificate or both.

Dave> I'm going to be going wireless on my LAN side soon with the same BSD box
Dave> being my wireless access point (gonna use IPSEC), as long as my pf rules are
Dave> tight should I be o.k? Or am I being dumb & I need to do something like
Dave> stick a DMZ machine in for my dns/mail?

I don't really like the wireless LAN if you already have the cable. But if you use IPSec you shouldn't have a problem. I've never done it, though.

--
Best regards,
Alejandro Belluscio
