Hi Philip and list, I want to suggest you to run on the net5501 only a security solution likes OpenBSD + PF, or something like pfSense, mOnOwall, or any firewall distro you like and trust.
If this is not in the range of your budget (because you wasn't telling something about) and you don´t want to change your setup, not popular to tell you this on the list here but an easier, faster and cheaper way is to try out the Netgear FVS318N firewall or something you are familiar with. Here in Germany for something round about 150 - 160 € 1 GB WAN Port + 8 GB LAN Ports and a real DMZ port, integrated WLAN, VLAN option SMA Antenna plug easy to change against new ones with 5,7,9 or 12 dBi. Easy to administrate and not the pain of update procedures if this is sorting you needs. One VPN license is also integrated. So you can quick and easy connect the Soekris net5501 on the DMZ port and let them run a plain OS of your choice with your server and services. Only if money, time are very rare and you don´t love update procedures. Quick and short a "keep it simple" way. As an example: net5501 + vpn1411 (if needed) + 4 GB CFCard with an installed OS of your choice as the gatekeeper, and for your emailserver and the webserver you should buy a second Soekris net5501 or perhaps a net6501 or quite and quick another device with your installed 40 GB HDD inside. The Google way I don´t trust, sorry. If you are BSD experienced I really think OpenBSD + PF on the first machine and on the second machine NetBSD with apache and postfix like Izaac was suggesting you is your way ;) These are plain and very outdated primitive tips, but in my opinion the security related services should be even separated from all other in your network and I mean a jail is not really separated. Only a way if you want to set up honey pots based on BSD (honeyd) to separate them from each other a jail is a good choice. I hope that helps you out or lets you keeping an eye on the "situation" with a different view. __________ Best regards Frank ----- No virus found in this message. Checked by AVG - www.avg.com Version: 2012.0.2171 / Virus Database: 2425/4987 - Release Date: 05/09/12 _______________________________________________ Soekris-tech mailing list [email protected] http://lists.soekris.com/mailman/listinfo/soekris-tech
