On Mon, 2001-11-26 at 17:16, Mike wrote:
> Hi Folks,
>
> I'm looking at the best way to implement a home LAN with 3 machines (+
> hardware firewall) running Linux and Win98 and would appreciate a logic
> check or anyone's opinions. My current network is poorly done (newbie
> experiments) so I'd like to redo the lot properly. something like
>
> Firewall - Old 486 running smoothwall feeding internet to my 3 work stations..
> merlin4 - runs Win98 all the time.
> Merlin2k - Runs linux all the time (Needs HTTP, SQL & FTP server)
> Apollo, runs linux most of the time but boots to windows occasionally.
> Also occasionally a laptop on win98 or 2000.
>
> What I had thought of was to put samba on merlin4 (linux fulltime) but am
> unsure whether or not I need NFS as well. My good machine (Apollo) runs
> Linux 99% of the time but needs to boot to windows to do graphics (and flight
> sim :), Can a linux machine use an SMB server as a client or am I best
> looking at NFS as well?
>
smbmount is your friend, it's part of the samba clients package

> As for file storage, I want to use merlin2k to store my personal files and
> serve these out using samba(?) to the other machines as required. BUT I want
> to store my work files on Apollo (but have these available to the other
> machines as well). This may sound a bit stupid but it seems to be the best
> way to use my disk space effectively. I am uncertain whether Samba will
> allow me to do this.
>

set up the samba server to mount using smbmount your file store on merlin2k and then export merlin2k files as a share in samba as well as another share for work.

> Firewall.
> I want to resurrect an old 486DX as a Smoothwall firewall and internet
> gateway, I've read the docs and this sounds achievable. This is where I get
> confused, Can I have merlin4 with a HTTP, FTP and SQL server running behind
> the firewall (presumably on the green interface) and still get things out to
> the internet from this machine as well as locally? Apollo (the one with work
> files) has to be secure (storage of medical related records for work) and I
> only want these files available to the internal network and selected files
> via HTTP (on merlin2k).

yes you can filter on source and destination addresses, have a look at the linux firewall howto, it details how to do this very well using both netfilter and ipchains/ipfwadmin. it should be at www.linuxdoc.org

>
> The next thing I would like is to have a dial-in server so I can retrieve
> files from work, the server would need to be on Merlin4 but the files would
> have to come from Apollo. I presume I would use telnet or SSH to do this and
> remotely access a file share, but again I am unsure :-). Merlin2k will be
> powered all of the time but I would like to be able to bring Apollo up and
> down as needed (using Wake on LAN) once connected to merlin2k (if that makes
> sense.

once you are connected to merlin and you can boot Apollo you can browse Apollo using network neighbourhood since your dial in box is now on the lan and assuming it is part of the correct work group etc. if not you can use scp/pscp to copy the files via ssh.

>
> I really know very little about networking (as you can probably tell) so
> would appreciate any opinions on the best way to do this. Any solution will
> do as long as files on Apollo are secure from the internet.
> any help appreciated,
>

have a look at the network administrators guide, it details very clearly how (linux) networking works and gives some valuable studies etc. it's available from linuxdoc.org

from experience the best solutions are usually the simplest ones. Plot out exactly what needs access to what services on what computer, once you have done that you can secure them down using various methods, including

Access control lists at the application level, ie make sure (x)inetd is set up to allow/deny specific hosts

access control lists at the kernel level, make sure your firewall is set to allow only what is needed through the internet interface

Only run services you need, for example don't use telnet when you have no need for it, ie you can use ssh/rsh.

Think about what you're looking to protect, and how you can protect it.

Think about who you are protecting your system from and how to deal with attacks from these people

Once you know what needs access to what from where and who wants access to what from where you have a much better idea of how to stop people accessing stuff they should from where they are.

HTH
David

> Mike
>
>
>
> --------------------------------------------------------------------
> http://www.lug.org.uk http://www.linuxportal.co.uk
> http://www.linuxjob.co.uk http://www.linuxshop.co.uk
> --------------------------------------------------------------------
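
An added example, not part of either message in this thread: the "plot out what needs access to what" step written as an access matrix, from which host-level kernel ACLs are generated in iptables syntax. Every address, port and permitted flow is a constructed assumption about the LAN described above; the script only prints commands and runs none.

```shell
#!/bin/sh
# Added example: derive per-host INPUT rules from an access matrix.
# All addresses, ports and permitted flows are constructed assumptions.
ANY=0.0.0.0/0
LAN=192.168.1.0/24
MERLIN2K=192.168.1.10
APOLLO=192.168.1.20

# One permitted flow per line: source destination protocol port
access_matrix() {
    cat <<EOF
$ANY $MERLIN2K tcp 80
$LAN $MERLIN2K tcp 21
$LAN $MERLIN2K tcp 139
$LAN $APOLLO tcp 139
$LAN $APOLLO tcp 22
EOF
}

# Print the iptables commands for one host; nothing is executed here.
rules_for() {
    host=$1
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    access_matrix | while read -r src dst proto port; do
        [ "$dst" = "$host" ] || continue
        echo "iptables -A INPUT -s $src -p $proto --dport $port -j ACCEPT"
    done
    # Default deny: anything not listed in the matrix is dropped.
    echo "iptables -P INPUT DROP"
}

# Succeeds only if no rule for the host accepts traffic from any source.
lan_only() {
    ! rules_for "$1" | grep -qF -- "-s $ANY "
}

echo "# merlin2k"; rules_for "$MERLIN2K"
echo "# apollo";   rules_for "$APOLLO"
lan_only "$APOLLO" || echo "WARNING: apollo is reachable from the internet" >&2
```

Re-running `lan_only` after every change to the matrix catches a flow that would expose the work files before any rule is loaded.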
