Re: Firewall and Mailserver questions - suggestions wanted.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, Aug 06, 2003 at 09:01:31PM +0900, Bengt Thur?e wrote:
> web cache: squid
> Ad removal: privoxy
I recommend adzapper over privoxy, adzapper's easy to set up, easy to
maintain.
> miscelaneous: dns, ntp, seti
Don't run seti on your firewall, best to leave it unburdened.
> 1) Is this a good setup? Or overkill? total maybe 10 persons
> to use mailserver in the beginning.
It'll be easier and cheaper to configure and maintain if you make the
box a firewall that just happens to be providing a few services.
You'll still be better off than one of those Linksys boxes and way
better than than a Windows box.
> 3) On which computer should the squid, privoxy, and apt-proxy be
> running? On outerfirewall or on webserver? Or should I
> have a dedicated computer for this?
If you're going to take the time and effort to have a DMZ sandwiched
between two firewalls, might as well do it right and not run anything
on the firewalls.
> 4) Is there any idea of having a dedicated logserver?
Probably overkill here.
> 5) Mail server and web server? Should this be in the same
> computer, or separate? More secure if they are in separate?
Unless we're talking thousands of users here, one box is fine for both.
> 6) Should I have the security stuff also on the dmz area?
?
> 7) Is it recommended to configure cron-apt to run once a day,
> and only install the security updates?
Not recommended that you have it automate installation.
- --
.''`. Paul Johnson <baloo@ursine.ca>
: :' : proud Debian admin and user
`. `'`
`- Debian - when you have better things to do than fix a system
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/McXKsClmdIs2Ki8RAjkPAKCAswrlXz3JeOiJ0iQnohkXEZV29QCeJKJ4
hd+inRKKAhI/8VAkyct9zgc=
=K7ya
-----END PGP SIGNATURE-----
Reply to: