Re: Networking Question

On 11/27/2015 11:56 AM, Gordon Messmer wrote:

> You're proposing that you set up hosts which are accessible by the
> internet (the least trusted zone) but don't have internet access to
> retrieve and apply security updates.  That's not a good idea at all.

It doesn't need access to the Internet to retrieve updates; I mirror CentOS and EPEL via rsync locally on my network because it makes building packages in mock much faster.

I build LibreSSL for CentOS 7 and a custom LAMP stack against it for CentOS 7. And I maintain my own media repository for ffmpeg and modern GStreamer packages, so that CentOS 7 for me has modern multimedia capabilities. So LAN mirrors are needed and exist, and updates don't have to come from a remote server.

I probably should have mentioned that.

Part of the issue I'm currently having on my local network is that the router I have seems to die if I try anything DNSSEC-enforcing behind it; the caching nameserver in it just stops working.

So I have to run a recursive nameserver of my own on anything I want to validate with DNSSEC.

I know several consumer routers have had issues with security recently, and figured I'd just build a micro ATX to make my own, with a DNSSEC-enforcing recursive resolver and a mirror for CentOS + EPEL built in for my CentOS hosts on my network.

I can get a WAP for my home wireless needs (small, two laptops and my phone, but I have some range issues with consumer wifi router) and turn my existing wifi router into the wifi for guests, powering it off when I don't have guests.

I don't want to buy an expensive switch; I potentially have an opportunity to get this Intel card for under $100, which is why I'm considering doing this.

-=- snip -=-

Port forwarding from B/C to A seems like it isn't the right way. Thanks.

From the Internet it's the only way, but that will probably just be an ssh port that is forwarded - my only purpose really is a place to put files I need to access when not at home (I don't like cloud storage for personal files; I understand why servers use it, but for personal files, I don't like it. Even encrypted, I don't want snoops to have access to them.)

--
-=-
Sent from my laptop, may not be able to respond timely