
Re: machines (ii)



On Sat, 30 Sep 2000, Mark Simos wrote:

> I am looking to put together a Debian based firewall and a mail server
>   -how bad of an idea is it to host them on the same machine?
>    (please explain how dumb it is, if so)
> 
> How much power would I need (CPU/RAM/HD) to make it (or each of them)
> work?
> 
> I just browse at home and download the occasional files and would like
> to learn how to configure various mail and firewall packages. Not too
> much strain.
> 
> Thanks!
> 
> Mark

Mark, I would not put the mail server on the firewall. This is because of
disk requirements. It is pretty easy for a lot of users on a machine to
fill up disk fairly quickly. About the only time I would put a mailer on a
firewall is for use as a transparent proxy to handle outbound mail or as a
relay machine for inbound mail to route it to your real mailhost.

You do not need much in the way of CPU power. One method is to get a BUNCH
of RAM, create a bootable CDROM that boots initrd and runs from a
ramdisk. Set up syslog to log to a remote system that has a hard disk,
remove ALL hard disks from the system. Now if someone roots your box, you
just reboot and everything they did evaporates with the freshly loaded
binaries. Once you discover how they got in, you create another bootable
CDROM and reboot the box to load the more secure stuff.

I would use ECC RAM in this configuration. Since logs are being sent to a
remote system, and since nothing is persistent over a reboot, and since
there are no hard disks to fail, you have a fairly secure and robust
firewall.
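
The design described in the reply above (root filesystem in RAM, no hard disks, syslog sent to a remote host), written as an audit script. This is an added example, not part of the original post. It assumes Linux `/proc/mounts` and `/proc/partitions` formats, classic `syslog.conf` `@host` forwarding, and `hd*`/`sd*` disk naming; `loghost.example` and the sample files are constructed.

```shell
#!/bin/sh
# Audit checks for the diskless firewall design (added example).
# Every function takes a file path, so it works on the live files
# (/proc/mounts, /proc/partitions, /etc/syslog.conf) or on samples.

root_in_ram() {   # $1: mounts table; succeeds if the last "/" mount is RAM-backed
    awk '$2 == "/" { dev = $1; type = $3 }
         END { exit !(dev ~ /^\/dev\/ram[0-9]*$/ || type ~ /^(tmpfs|ramfs|rootfs)$/) }' "$1"
}

hard_disks() {    # $1: partitions table; prints disk-class device names
    # Assumption: hd*/sd* are hard disks. Exclude your CD-ROM if it is named hdX.
    awk 'NR > 2 && $4 ~ /^(hd|sd)[a-z]/ { print $4 }' "$1"
}

remote_log_targets() {   # $1: syslog.conf; prints hosts named in "@host" actions
    awk 'NF >= 2 && $1 !~ /^#/ && $NF ~ /^@/ { sub(/^@+/, "", $NF); print $NF }' "$1"
}

audit_diskless_fw() {    # $1 mounts, $2 partitions, $3 syslog.conf
    rc=0
    root_in_ram "$1" || { echo "FAIL: / is not RAM-backed"; rc=1; }
    disks=$(hard_disks "$2")
    [ -z "$disks" ] || { echo "FAIL: hard disks present:" $disks; rc=1; }
    [ -n "$(remote_log_targets "$3")" ] || { echo "FAIL: no remote syslog target"; rc=1; }
    return "$rc"
}

# Constructed sample of a host built as described (not captured from a real system).
sample=$(mktemp -d)
printf '%s\n' 'rootfs / rootfs rw 0 0' '/dev/ram0 / ext2 rw 0 0' \
              'proc /proc proc rw 0 0' > "$sample/mounts"
printf '%s\n' 'major minor  #blocks  name' '' \
              '   1     0      65536 ram0' '  11     0     664000 sr0' > "$sample/partitions"
printf '%s\n' '# local files would vanish on reboot' \
              '*.*    @loghost.example' > "$sample/syslog.conf"

audit_diskless_fw "$sample/mounts" "$sample/partitions" "$sample/syslog.conf" \
    && echo "PASS: matches the diskless design"
```

On a live system, pass `/proc/mounts`, `/proc/partitions` and the syslog configuration file to `audit_diskless_fw` instead of the sample files.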



