Re: [OT] best (Linux based!) all-in-one NAS-VPN-firewall?

On 6/30/19 5:57 AM, Alexander Dalloz wrote:
Am 29.06.2019 um 10:51 schrieb M. Fioretti:
One of my jobs in the next months will be Free Software teaching/
consulting for a small private school. Part of the consulting consists
of helping the school to evaluate how to set up some infrastructure,
using Linux/Free Software as much as possible.

I have been just asked to, quoting, "suggest an all-in-one
NAS-VPN-firewall for the school". [...]

I am a bit surprised that so far nobody has commented on that request that it is not a good idea to combine the 3 features your client asks for in a single system. Well, VPN server and a firewall can be combined. But I would strongly recommend not to host a NAS on the same instance.

I was thinking just this yesterday.

I know this type of customer and why they ask for such a solution. But you as their consultant should do more than to search for such a miscombination from my point of view.

That too.

On 30Jun2019 06:36, Robert Moskowitz <rgm@xxxxxxxxxxxxxxx> wrote:
True, but there is software out there that does it all, so you only learn one approach for the two systems.

Again, Nethserver is an example that does it all.  You as the installer decide what goes on which system.

This point of using one platform but arguably 2 or 3 machines is neat.

Returning to the "do not put the NAS on the firewall/VPN host", the NAS really ought to be a non-external service. So hosting on the firewall itself is a security risk because a small misconfiguration can expose it to the outside world. M. Fioretti (the OP) should argue against that to his client.

The NAS should be physically inside so any external access requires mediation by the firewall. You might want a little DMZ for it, to mediate access from the school too, depending on its content and uses. E.g.:

   Internet
    |
   FW -- NAS
    |
   school

It also means you can do things to one service without breaking the other service.

Cheers,
Cameron Simpson <cs@xxxxxxxxxx>
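
The three-legged layout sketched in the message above, written out as an nftables ruleset for the firewall/VPN host. This is an added example, not part of the original post; the interface names, the NAS address, the file-service ports and the WireGuard VPN are all assumptions.

```nft
#!/usr/sbin/nft -f
# Added example: every name, address and port below is an assumption.
flush ruleset

define WAN = "eth0"            # Internet leg
define DMZ = "eth1"            # NAS leg
define LAN = "eth2"            # school leg
define VPN = "wg0"             # VPN tunnel terminated on this host (assumed WireGuard)
define NAS = 192.168.50.10     # constructed NAS address
define NAS_TCP = { 445, 2049 } # SMB and NFSv4

table inet fw {
    chain input {
        # Traffic addressed to the firewall itself: no file services live here.
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        meta l4proto { icmp, ipv6-icmp } accept
        iifname $WAN udp dport 51820 accept   # VPN endpoint only
        iifname $LAN tcp dport 22 accept      # admin SSH from inside only
    }

    chain forward {
        # Traffic crossing between legs: default deny, then explicit paths.
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # School and VPN clients reach the NAS file services, nothing else on it.
        iifname { $LAN, $VPN } oifname $DMZ ip daddr $NAS tcp dport $NAS_TCP accept
        # School reaches the Internet.
        iifname $LAN oifname $WAN accept
        # NAS may fetch updates over HTTP/HTTPS.
        iifname $DMZ oifname $WAN tcp dport { 80, 443 } accept
        # No rule matches WAN -> DMZ, so Internet-originated traffic to the
        # NAS falls through to the drop policy.
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $WAN masquerade
    }
}
```

Because the NAS sits on its own leg, exposing it to the Internet would take an explicit forward rule rather than a daemon binding to the wrong address on the firewall host.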