
Re: firewall -- best practices



On Tue, Feb 18, 2003 at 08:28:50PM -0700, John Schmidt wrote:
> 1.  Is it best to not have the firewall doing anything else, i.e. acting 
> as a web and/or mail server, and instead use a different machine for 
> the mail server?  

Keeping the firewall box dedicated to just routing and filtering will
make your firewall box much harder to crack.

> 2.  Occasionally, I would like to ssh into my network from work.  Is it 
> best to only open up the port on the firewall or do some port 
> forwarding so that ssh connections automatically go to a different 
> (non-firewall) machine?

Port forwarding to the desired machine would be good.  You probably
want to do this for your mail server so it can receive mail from
the outside world.

> 3.  I have been perusing different howtos on various networking setups 
> mail server, etc. but am always looking for a must read site, book, 
> etc.  Anyone have any good suggestions?

What you seek cannot be found.  There is no magic fix or a
one-size-fits-all solution to network security.  Newbie pointers are
available in the Security QuickStart howto available in the howto
packages or at http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/

-- 
 .''`.     Baloo <baloo@ursine.dyndns.org>
: :'  :    proud Debian admin and user
`. `'`
  `-  Debian - when you have better things to do than to fix a system
