machines (ii)

2000-09-30 Thread Mark Simos
I am looking to put together a Debian based firewall and a mail server
  -how bad of an idea is it to host them on the same machine?
   (please explain how dumb it is, if so)

How much power would I need (CPU/RAM/HD) to make it (or each of them)
work?

I just browse at home and download the occasional files and would like
to learn how to configure various mail and firewall packages. not too
much strain.

Thanks!

Mark

p.s. please cc to me directly on replies



Re: machines (ii)

2000-09-30 Thread George Bonser
On Sat, 30 Sep 2000, Mark Simos wrote:

> I am looking to put together a Debian based firewall and a mail server
>   -how bad of an idea is it to host them on the same machine?
>    (please explain how dumb it is, if so)
>
> How much power would I need (CPU/RAM/HD) to make it (or each of them)
> work?
>
> I just browse at home and download the occasional files and would like
> to learn how to configure various mail and firewall packages. not too
> much strain.
>
> Thanks!
>
> Mark

Mark, I would not put the mail server on the firewall. This is because of
disk requirements. It is pretty easy for a lot of users on a machine to
fill up disk fairly quickly. About the only time I would put a mailer on a
firewall is for use as a transparent proxy to handle outbound mail or as a
relay machine for inbound mail to route it to your real mailhost.

You do not need much in the way of CPU power. One method is to get a BUNCH
of RAM, create a bootable CDROM that boots initrd and runs from a
ramdisk. Set up syslog to log to a remote system that has a hard disk,
remove ALL hard disks from the system. Now if someone roots your box, you
just reboot and everything they did evaporates with the freshly loaded
binaries. Once you discover how they got in, you create another bootable
CDROM and reboot the box to load the more secure stuff.

I would use ECC RAM in this configuration. Since logs are being sent to a
remote system, and since nothing is persistent over a reboot, and since
there are no hard disks to fail, you have a fairly secure and robust
firewall.
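
The design in the message above rests on two properties that can be checked on the running box: no writable filesystem sits on a real disk, and syslog forwards messages off the box. The script below is an added example, not part of the original post; the host name `loghost`, the file names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a host against the diskless-firewall design above.

# Print mount points that are read-write and backed by a real block device
# (anything under /dev/ except ramdisks). Input: a /proc/mounts-format file.
persistent_mounts() {
    awk '$1 ~ /^\/dev\// && $1 !~ /^\/dev\/ram/ {
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++) if (opt[i] == "rw") { print $2; break }
         }' "$1"
}

# Print the hosts a classic syslog.conf forwards to (action "@host").
remote_log_targets() {
    awk '$1 !~ /^#/ && $NF ~ /^@/ { print substr($NF, 2) }' "$1"
}

# Return 0 only if nothing written on the box can survive a reboot
# and log messages leave the box.
audit_firewall() {   # usage: audit_firewall MOUNTS_FILE SYSLOG_CONF
    bad=$(persistent_mounts "$1")
    hosts=$(remote_log_targets "$2")
    if [ -n "$bad" ]; then echo "FAIL: writable disk-backed mount(s): $bad"; return 1; fi
    if [ -z "$hosts" ]; then echo "FAIL: no remote syslog target"; return 1; fi
    echo "OK: no persistent writable storage; logs forwarded to $hosts"
}

# Constructed sample data (not from a real host): root on a ramdisk, the boot
# CD mounted read-only, and syslog forwarding everything to "loghost".
write_samples() {   # usage: write_samples DIR
    cat > "$1/mounts.good" <<'EOF'
/dev/ram0 / ext2 rw 0 0
proc /proc proc rw 0 0
/dev/hdc /cdrom iso9660 ro 0 0
EOF
    cat > "$1/mounts.bad" <<'EOF'
/dev/ram0 / ext2 rw 0 0
/dev/hda1 /var ext2 rw,noatime 0 0
EOF
    cat > "$1/syslog.conf" <<'EOF'
# forward everything to the log host
*.*    @loghost
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_firewall "$tmp/mounts.good" "$tmp/syslog.conf"
audit_firewall "$tmp/mounts.bad" "$tmp/syslog.conf" || true
```

On a live system the two arguments would be `/proc/mounts` and `/etc/syslog.conf`.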




Re: machines (ii)

2000-09-30 Thread Mark Brown
On Sat, Sep 30, 2000 at 12:13:47PM -0400, Mark Simos wrote:

> I am looking to put together a Debian based firewall and a mail server
>   -how bad of an idea is it to host them on the same machine?
>    (please explain how dumb it is, if so)

Well, if someone cracks your firewall then they'll also get your mail
and the mail server may provide an additional way into your firewall.
OTOH, how much do you care?

> How much power would I need (CPU/RAM/HD) to make it (or each of them)
> work?

How much load do you have?  For a home system on a modem a 486 should
handle the load from both quite happily.  With a broadband connection
you might want a somewhat more powerful CPU.

-- 
Mark Brown  mailto:[EMAIL PROTECTED]   (Trying to avoid grumpiness)
http://www.tardis.ed.ac.uk/~broonie/
EUFS  http://www.eusa.ed.ac.uk/societies/filmsoc/




Re: machines (ii)

2000-09-30 Thread Nate Amsden
shouldn't be a problem, most machines i build are very multipurpose and
usually all have their own individual firewalls. e.g. my home network is
3 machines, with 1 of them acting as:

firewall
gateway (hooked directly to the dsl router)
NAT
NFS server
NIS server
www server
POP3 server
SMTP server
DNS
ftp server
Unreal tournament server
runs solaris on top of vmware
port forwarding for a couple ports
X server
x font server (true type)
ssh server
dhcp server
nocol server
snmpd server (for gathering network stats)
vpnd client
proxy/caching server(squid)

i use it for irc too

its a k6-3 400 256MB with a 640k dsl connect and 36GB of hd. soon to be
upgraded to a 1mb connect. my firewall rules are quite extensive, and it
works great. that's one of the things i like best about linux is its
ability to do tons of things at the same time.

some people are more paranoid and like to have a dedicated box for a
firewall, but for my situation a dedicated box is not needed.

you can see the webserver and mrtg/ipac stats at
http://portal.aphroland.org

or join me in unreal tournament sometime at portal.aphroland.org:12001
(private server, not advertised to the world since i'm limited on b/w)

if there were more services that i felt were useful i'd be the first to
try them :)

nate

Mark Simos wrote:
>
> I am looking to put together a Debian based firewall and a mail server
>   -how bad of an idea is it to host them on the same machine?
>    (please explain how dumb it is, if so)
>
> How much power would I need (CPU/RAM/HD) to make it (or each of them)
> work?
>
> I just browse at home and download the occasional files and would like
> to learn how to configure various mail and firewall packages. not too
> much strain.
>
> Thanks!
>
> Mark
>
> p.s. please cc to me directly on replies

-- 
:::
ICQ: 75132336
http://www.aphroland.org/
http://www.linuxpowered.net/
[EMAIL PROTECTED]



Re: machines (ii)

2000-09-30 Thread Ray Percival
It depends on how secure you want it to be. If all you need is basic NAT and
some packet filtering, it is not a *really* bad idea. If you want anything more
than that, I would not do it.

-- Original Message --
From: Mark Simos [EMAIL PROTECTED]
Date: Sat, 30 Sep 2000 12:13:47 -0400

I am looking to put together a Debian based firewall and a mail server
  -how bad of an idea is it to host them on the same machine?
   (please explain how dumb it is, if so)

How much power would I need (CPU/RAM/HD) to make it (or each of them)
work?

I just browse at home and download the occasional files and would like
to learn how to configure various mail and firewall packages. not too
much strain.

Thanks!

Mark

p.s. please cc to me directly on replies





Re: machines (ii)

2000-09-30 Thread Jesse Goerz
On Sat, 30 Sep 2000, George Bonser wrote:
> On Sat, 30 Sep 2000, Mark Simos wrote:
> > I am looking to put together a Debian based firewall and a mail server
> >   -how bad of an idea is it to host them on the same machine?
> >    (please explain how dumb it is, if so)
> >
> > How much power would I need (CPU/RAM/HD) to make it (or each of them)
> > work?
> >
> > I just browse at home and download the occasional files and would like
> > to learn how to configure various mail and firewall packages. not too
> > much strain.
> >
> > Thanks!
> >
> > Mark
>
> Mark, I would not put the mail server on the firewall. This is because of
> disk requirements. It is pretty easy for a lot of users on a machine to
> fill up disk fairly quickly. About the only time I would put a mailer on a
> firewall is for use as a transparent proxy to handle outbound mail or as a
> relay machine for inbound mail to route it to your real mailhost.
>
> You do not need much in the way of CPU power. One method is to get a BUNCH
> of RAM, create a bootable CDROM that boots initrd and runs from a
> ramdisk. Set up syslog to log to a remote system that has a hard disk,
> remove ALL hard disks from the system. Now if someone roots your box, you
> just reboot and everything they did evaporates with the freshly loaded
> binaries. Once you discover how they got in, you create another bootable
> CDROM and reboot the box to load the more secure stuff.
>
> I would use ECC RAM in this configuration. Since logs are being sent to a
> remote system, and since nothing is persistent over a reboot, and since
> there are no hard disks to fail, you have a fairly secure and robust
> firewall.


Do you have a link or know of a good book that describes how to do this?  I'd 
love to give this a try at my house.

Jesse



Re: machines (ii)

2000-09-30 Thread George Bonser
> Do you have a link or know of a good book that describes how to do this?  I'd
> love to give this a try at my house.
>
> Jesse

Well, I would first look at the CD-Writing-HOWTO which has some basic
stuff on creating CDROMs and some information on making bootable
CDs.  Then I would direct you to the ../Documentation/initrd.txt file in
your linux source tree so you can learn a little about initrd
booting. Then, while you are there, have a look at the ramdisk.txt file.  

These should keep you busy for a while :-)