Re: DSL

On Tuesday, Joe wrote:

> Scot L. Harris wrote:
>
>> Grouping the types of services you mentioned on one box makes sense.
>> Having your main email server, DNS, file shares etc on the same box as
>> your firewall is IMHO asking for trouble.
>
> We do run a hardened postfix mail relay on the firewall, as well as dns,
> dhcp and squid (but I'd agree that file shares would be better placed
> elsewhere). So, if that be asking for trouble, trouble seems to be hard
> of hearing.

I second the notion of file shares belonging elsewhere. I'm also inclined to have the actual mail server (not the mail relay) behind the firewall. (Important distinction!) Mail relay is definitely well-suited to running on the firewall. I prefer the master dns server be behind the firewall also, but certainly run dns on the firewall as a secondary. Squid and dhcp definitely have a place on the firewall.

>> If I had not had a DBA wipe out a file system while doing an oracle
>> upgrade which in turn knocked out email services for the entire
>> department as well as web services and Lotus notes on that box I would
>> probably be happy to put all kinds of stuff on a box.  But including
>> those kinds of applications on a firewall is in my book a major no no.
>
> Agreed, something like lotus notes IMHO should not be on a firewall - it
> should be tucked safely inside, and protected from the big bad internet
> by a sendmail or postfix relay.

Yes, definitely. Or an exim relay. :)


I'm actually using Astaro Security Linux 4 on my gateway, which incorporates firewalling (iptables), vpn server (ipsec and pptp), exim mail relay (with spam scanning, virus scanning, blacklisting, etc), squid proxy server, socks app proxies, port scan detection, dhcp server, nat, etc, etc. It does pretty much everything and anything you'd ever want, all with a unified web admin interface.

It'll run on a nice, compact, low-power, low-noise epia system, and there's a free home user license for it, too.

I just wanted to throw out the middle ground, so to speak, between using a Linksys SOHO router and a full-blown Red Hat Linux box for your router. I've tried all those routes, and have found ASL far and away the best solution, at least for my needs. I wouldn't hesitate to recommend it to anyone else.

Oh, and all ASL updates can easily be fully automated (set up the schedule in the web admin), with email notifications when updates are ready (or installed, if you go fully automated), scheduled emailing of a configuration file that can be used to restore your system from bare metal, etc. It also has some load-balancing capabilities. Really a very cool product.

That's my two cents on the issue... :)
-jcw
--
Jarod C. Wilson, RHCE
<jcw@xxxxxxxxxxxx>
"A wise man once said nothing at all."


-- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
