[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Firewall and Mailserver questions - suggestions wanted.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hej Guys,

I am in the processes of designing/building up a new
firewall and mailserver for my family's use, and yes
I am a beginner on Debian and building my own network.
But really looking forward to it. Will be lots of fun.

I am thinking of getting two firewalls, and having a DMZ 
in between.
(Internet -> Outerfirewall -> DMZ -> Innerfirewall -> local)

I also would like to run apt-proxy, squid, privoxy, but where?
I am planning to go down to Akihabara and find some second hand
old pentium mini desktops. Was planning on three old computers, but
would like to get the right setup from the beginning.
(Pentium 300 128MRam for firewalls, Pentium 900 256MRam for Webserver)

I am planning on having the following software. Please let me
know if I am missing something, or have the wrong combination...

MTA : 			postfix, postfix-tsl, pop-before-smtp
pop3: 			courier-pop-ssl
imap: 			courier-imap-ssl
Remove javascripts: 	Sanitizer
Remove spams:		spamassassin
Sort mails:			procmail
fetch pop mails:		fetchmail
Web mail interface:	squirrelmail (with loads of plugins...)
Fetch hotmails:		gotmail
web cache:			squid
apt cache:			apt-proxy
Ad removal:			privoxy
Security:			snort, acidlab, tripwire, logcheck, harden,
				bastille, iptables
web server:			apache
miscelaneous:		dns, ntp, seti
security updates:		cron-apt

I would very much like to know what your recommendations are.

1) Is this a good setup? Or overkill? total maybe 10 persons 
	to use mailserver in the beginning.

2) My thoughts are to have absolute minimum installed on the
	firewalls, especially the inner firewall.

3) On which computer should the squid, privoxy, and apt-proxy be
	running? On outerfirewall or on webserver? Or should I 
	have a dedicated computer for this?

4) Is there any idea of having a dedicated logserver?

5) Mail server and web server? Should this be in the same
	computer, or separate? More secure if they are in separate?

6) Should I have the security stuff also on the dmz area?

7) Is it recommended to configure cron-apt to run once a day,
	and only install the security updates?

Thanks in advance

Bengt (a rather beginner on Debian and network, but loving it)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)

iD8DBQE/MO4a572CTldjlxoRAuaqAJ9zwGNP6pz57Fdruj+Df9BdFEGMogCeJ0eB
cwNuBX0VvL4Pp59PSuuw1rs=
=D5dX
-----END PGP SIGNATURE-----
Reply to: