Re: firewall -- best practices
John Schmidt <jaschmidt@uofu.net> writes:
> I have a couple of old machines that I will be installing Debian
> on. I would like to dedicate one of the machines to a firewall, and
> the other machine to a mail server.
[...]
> 1. Is it best to not have the firewall doing anything else, i.e. acting
> as a web and/or mail server, and instead use a different machine for
> the mail server?
Yes, this would be best.
Also, consider using a DMZ, a network separate from your private LAN,
for hosts that provide internet-accessible services.
> 2. Occasionally, I would like to ssh into my network from work. Is it
> best to only open up the port on the firewall or do some port
> forwarding so that ssh connections automatically go to a different
> (non-firewall) machine?
Some of this is preference. I find I myself prefer to build a tunnel
to remote networks. Having a routable link provides much more
flexibility than remote login.
> 3. I have been perusing different howtos on various networking setups
> mail server, etc. but am always looking for a must read site, book,
> etc. Anyone have any good suggestions?
A solid foundation of IP is well worth the time invested.
"Internetworking with TCP/IP, vol.1: Principles, Protocols And
Architectures" Douglas Comer is a nice gentle intro to IP networking.
"TCP/IP Illustrated, vol. 1: The Protocols" W. Richard Stevens is
fantastic! I think the ink on my copy is starting to fade from
overuse :)
There are tons of other great resources as well, these two books just
spring to mind as having been particularly enjoyable to me. O'Reilly
publishes a decent intro text on TCP/IP by Craig Hunt, (I think that
is correct, I gave my copy away to a friend a while ago).
good luck,
jereme
--
+--------------------------------------------------------------+
Jereme Corrado <jereme@restorative-management.com>
System Administrator
Restorative Management Corp.
gpg: 1024D/9C39E1F0