[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firewall and Mailserver questions - suggestions wanted.

Hash: SHA1

On Wed, Aug 06, 2003 at 09:01:31PM +0900, Bengt Thur?e wrote:
> web cache:			squid
> Ad removal:			privoxy

I recommend adzapper over privoxy, adzapper's easy to set up, easy to

> miscelaneous:		dns, ntp, seti

Don't run seti on your firewall, best to leave it unburdened.

> 1) Is this a good setup? Or overkill? total maybe 10 persons 
> 	to use mailserver in the beginning.

It'll be easier and cheaper to configure and maintain if you make the
box a firewall that just happens to be providing a few services.
You'll still be better off than one of those Linksys boxes and way
better than than a Windows box.

> 3) On which computer should the squid, privoxy, and apt-proxy be
> 	running? On outerfirewall or on webserver? Or should I 
> 	have a dedicated computer for this?

If you're going to take the time and effort to have a DMZ sandwiched
between two firewalls, might as well do it right and not run anything
on the firewalls.

> 4) Is there any idea of having a dedicated logserver?

Probably overkill here.

> 5) Mail server and web server? Should this be in the same
> 	computer, or separate? More secure if they are in separate?

Unless we're talking thousands of users here, one box is fine for both.

> 6) Should I have the security stuff also on the dmz area?


> 7) Is it recommended to configure cron-apt to run once a day,
> 	and only install the security updates?

Not recommended that you have it automate installation.

- -- 
 .''`.     Paul Johnson <baloo@ursine.ca>
: :'  :    proud Debian admin and user
`. `'`
  `-  Debian - when you have better things to do than fix a system
Version: GnuPG v1.2.2 (GNU/Linux)


Reply to: