Re: seeking tips for setting up a home office...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thursday 19 January 2006 17:53, kitts wrote:
> On Thursday 19 January 2006 01:20 IST, Nigel Henry wrote:
> > > 2) Internet sharing and firewall. Protection as required.
> >
> > I use Smoothwall Express2, soon to be upgraded to Express3 (just in Alpha
> > at the moment). This can be installed on an old machine. I use it on a
> > 100Mhz, 32MB RAM, I Ghz harddrive machine, but would suggest something
> > perhaps a bit faster, with perhaps 128 to 256 MB RAM, and a bigger
> > harddrive. It is secure, and handles NAT (Internet sharing). You can also
> > setup a DMZ (demiliterized zone) where you can keep your Internet
> > accessable webserver, ftpserver, mailserver, etc, keeping them separate
> > from your LAN. Connection to the Internet is either by serial modem (not
> > much use if your running a webserver), or ethernet connection to an ADSL
> > router/modem. I believe USB router/modems are a problem with Linux. Also,
> > and perhaps I'm a bit paranoid, but I also have Guarddog, a GUI for
> > IPtables packet filtering firewall on all my client machines. This
> > enables you to also block selectively, outgoing ports. Of course, most
> > router/modems have built in firewalls, but make sure you get one that has
> > connection to your ethernet connection, rather than USB. Again I'm not
> > sure of the connections. You probably just need to connect it to the
> > uplink on your ethernet switch.
>
> Thanks for the reference Nigel. I briefly went through the smoothwall site
> and it seems good. I am however, concerned that it is not just a software
> installation on linux but installs with linux. This would probably alright
> but then it seems that the kernel is an old one.
>
> I am particularly concerned as i do wish to have other software installed
> on the server but may be faced with compatibility problem with the older
> version of linux in place. I know i will have a subversion server running
> on it.
>
> Or is this all not really a problem at all?

I don't believe that this is a problem. The whole idea of using Smoothwall as 
a dedicated firewall is that you can install it on an older machine, and the 
only thing installed on this machine is the Smoothwall firewall, which does 
receive regular system updates. I do not believe that the using of a 2.4 
kernel introduces any problems. In my setup I have a serial modem connected 
to the Smoothwall, and one NIC installed, which connects to my layer 2 
ethernet switch. Both of my client machines also connect to the switch. In 
your situation, and I presume you will be using ADSL for Internet connection. 
Perhaps the Smoothwall path is not necessary. As I've said, most ADSL 
router/modems will have a firewall, and NAT (Internet sharing for your client 
machines). If you choose to use Smoothwall as an option you will need one NIC 
for connecting to your ADSL ethernet modem (Ibelieve USB modems still will 
not work with Linux). You will need another NIC for connecting to your LAN, 
and another if you have a DMZ (demiliterised zone)  for running an Internet 
accessable webserver, ftpserver,etc. The DMZ keeps your LAN isolated from 
Webserver, FTP server requests from the Internet. 
>
> I do not mind putting up a higher config for the server. I could make my
> existing PC; an AMD64 3000+ with 1Gig of RAM be the server while i
> personally use a laptop.
>
> > > 3) Connecting to the local network from outside over the internet and
> > > acessing it like it were local.
> >
> > The Smoothwall will also handle port forwarding so that your client
> > machines can also be accessed from the Internet. Obviously your ISP will
> > have to have provided you with a static IP address for this to work.
> > Otherwise you will have to subscribe to someone like no-ip, if you only
> > have a dynamic IP address from your ISP.
>
> I have had heard of no-ip but never used it. Will smoothwall make it easy
> to setup and provide good guidelines on connecting over the internet? I
> have not had prior experience with stuff like VPN etc. which i think is
> *the* way to do it(?).

Being only on dial-up, running a webserver is a bit of a No-No for me, even 
though I've tested Apache out, but have to give my current IPaddress to the 
person testing it out. From what I understand about no-ip, you create for 
yourself a domain  name, then whichever dynamic IPaddress is asigned to you 
by your ISP is redirected by no-ip (or other webredirect service) to your 
domain name. Effectively, anyone dialing in to your office would use the 
domain name that you have chosen, and (for instance) no-ip will redirect 
whatever your current dynamic IPaddress is to this domain name. I don't wish 
to ramble on, but you've sort of got to be prepared to get your hands a bit 
dirty working under the hood (bonnet) with Linux. Personally, I think it's 
worth it, as you learn so much about how computers work, and after all, 
anythings better than going back to that other OS, with all it's security 
problems. If you have an older machine just lying around, and the time, put 
Smoothwall on it and give it a try. All the best. Nigel.
>
> > There are other hardware firewalls, IPcop for instance, and Firestarter
> > (available from Sourceforge) is comparable to Guarddog. There are also
> > many others, apart from no-ip offering web redirection. Nigel.
>
> Gaurdog is already on my list! :-)
___________________________________________________
.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.

[Index of Archives]     [Trinity (TDE) Desktop Users]     [Fedora KDE]     [Fedora Desktop]     [Linux Kernel]     [Gimp]     [GIMP for Windows]     [Gnome]     [Yosemite Hiking]
  Powered by Linux