RE: Firewall and Mailserver questions - suggestions wanted.
Thanks for the various suggestions...
Appreciate it a lot, and now I am busy doing a lot of reading...
and then off to the second hand computer stores.... :)))
Thanks
/Bengt
-----Original Message-----
From: Paul Johnson [mailto:baloo@ursine.ca]
Sent: Thursday, August 07, 2003 12:22
To: debian-user@lists.debian.org
Subject: Re: Firewall and Mailserver questions - suggestions wanted.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, Aug 06, 2003 at 09:01:31PM +0900, Bengt Thur?e wrote:
> web cache: squid
> Ad removal: privoxy
I recommend adzapper over privoxy, adzapper's easy to set up, easy to
maintain.
> miscelaneous: dns, ntp, seti
Don't run seti on your firewall, best to leave it unburdened.
> 1) Is this a good setup? Or overkill? total maybe 10 persons
> to use mailserver in the beginning.
It'll be easier and cheaper to configure and maintain if you make the box a
firewall that just happens to be providing a few services. You'll still be
better off than one of those Linksys boxes and way better than than a
Windows box.
> 3) On which computer should the squid, privoxy, and apt-proxy be
> running? On outerfirewall or on webserver? Or should I
> have a dedicated computer for this?
If you're going to take the time and effort to have a DMZ sandwiched between
two firewalls, might as well do it right and not run anything on the
firewalls.
> 4) Is there any idea of having a dedicated logserver?
Probably overkill here.
> 5) Mail server and web server? Should this be in the same
> computer, or separate? More secure if they are in separate?
Unless we're talking thousands of users here, one box is fine for both.
> 6) Should I have the security stuff also on the dmz area?
?
> 7) Is it recommended to configure cron-apt to run once a day,
> and only install the security updates?
Not recommended that you have it automate installation.
- --
.''`. Paul Johnson <baloo@ursine.ca>
: :' : proud Debian admin and user
`. `'`
`- Debian - when you have better things to do than fix a system
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/McXKsClmdIs2Ki8RAjkPAKCAswrlXz3JeOiJ0iQnohkXEZV29QCeJKJ4
hd+inRKKAhI/8VAkyct9zgc=
=K7ya
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Reply to: