Re: machines (ii)



On Sat, 30 Sep 2000, George Bonser wrote:
> On Sat, 30 Sep 2000, Mark Simos wrote:
> > I am looking to put together a Debian based firewall and a mail server
> >   -how bad of an idea is it to host them on the same machine?
> >    (please explain how dumb it is, if so)
> >
> > How much power would I need (CPU/RAM/HD) to make it (or each of them)
> > work?
> >
> > I just browse at home and download the occasional files and would like
> > to learn how to configure various mail and firewall packages. not too
> > much strain.
> >
> > Thanks!
> >
> > Mark
>
> Mark, I would not put the mail server on the firewall. This is because of
> disk requirements. It is pretty easy for a lot of users on a machine to
> fill up disk fairly quickly. About the only time I would put a mailer on a
> firewall is for use as a transparent proxy to handle outbound mail or as a
> relay machine for inbound mail to route it to your real mailhost.
>
> You do not need much in the way of CPU power. One method is to get a BUNCH
> of RAM, create a bootable CDROM that boots initrd and runs from a
> ramdisk. Set up syslog to log to a remote system that has a hard disk,
> remove ALL hard disks from the system. Now if someone roots your box, you
> just reboot and everything they did evaporates with the freshly loaded
> binaries. Once you discover how they got in, you create another bootable
> CDROM and reboot the box to load the more secure stuff.
>
> I would use ECC RAM in this configuration. Since logs are being sent to a
> remote system, and since nothing is persistent over a reboot, and since
> there are no hard disks to fail, you have a fairly secure and robust
> firewall.


Do you have a link or know of a good book that describes how to do this?  I'd 
love to give this a try at my house.

Jesse
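
The quoted description gives the firewall three properties: it runs from a ramdisk, has no hard disks, and logs to a remote system. As an added example (not part of the original thread), this script checks those properties from /proc/mounts-style and syslog.conf-style text; the sample data and the name loghost.example are constructed, and treating any writable non-RAM /dev/* mount as persistent storage is an assumption of the example.

```shell
#!/bin/sh
# Added example: audit the three properties of the RAM-only firewall described above.
# Each helper reads /proc/mounts-style or syslog.conf-style text on stdin.

# Succeed if the last entry mounted on "/" is tmpfs/ramfs or a /dev/ram* ramdisk.
root_in_ram() {
    awk '$2 == "/" { dev = $1; t = $3 }
         END { exit !(t == "tmpfs" || t == "ramfs" || dev ~ /^\/dev\/ram/) }'
}

# Print "device mountpoint" for writable mounts on non-RAM block devices,
# i.e. storage where an intruder's changes would survive a reboot (assumption).
writable_disk_mounts() {
    awk '$1 ~ /^\/dev\// && $1 !~ /^\/dev\/ram/ && index("," $4 ",", ",rw,") { print $1, $2 }'
}

# Print remote log hosts from sysklogd/rsyslog action fields ("@host" or "@@host").
remote_syslog_targets() {
    sed 's/#.*//' | awk 'NF >= 2 && $NF ~ /^@@?[^@]/ { sub(/^@+/, "", $NF); print $NF }'
}

# audit MOUNTS_TEXT SYSLOG_TEXT: report each property, return 1 if any fails.
audit() {
    rc=0
    printf '%s\n' "$1" | root_in_ram || { echo "FAIL: root is not RAM-backed"; rc=1; }
    disks=$(printf '%s\n' "$1" | writable_disk_mounts)
    [ -z "$disks" ] || { echo "FAIL: writable disk mounts: $disks"; rc=1; }
    hosts=$(printf '%s\n' "$2" | remote_syslog_targets)
    [ -n "$hosts" ] || { echo "FAIL: no remote syslog target"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "ok: RAM root, no writable disks, logs go to: $hosts"; fi
    return "$rc"
}

# Constructed sample data (not from the thread): ramdisk root, CD-ROM mounted read-only.
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
/dev/ram0 / ext2 rw 0 0
proc /proc proc rw 0 0
/dev/hdc /cdrom iso9660 ro 0 0'
# "loghost.example" is a placeholder name for the remote log server.
SAMPLE_SYSLOG='# forward everything off-box
*.* @loghost.example'

# With two file arguments, audit those files; otherwise audit the samples.
if [ $# -eq 2 ]; then audit "$(cat "$1")" "$(cat "$2")"; else audit "$SAMPLE_MOUNTS" "$SAMPLE_SYSLOG"; fi
```

Given two file arguments, such as /proc/mounts and the syslog configuration file, the script audits those instead of the samples.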


