
firewalling, imap, DMZ's etc.



Hi list, I need some advice. My work situation has changed such that I
now have to get out of my chair and climb out of my basement at
frequent but irregular intervals. I live by email and need to connect
to my email and possibly my desktop from multiple locations.

So, obviously, IMAP to the rescue and probably vnc as well, but one
thing at a time. I've played around with dovecot for a bit and have an
understanding of how it works and am ready to implement it. I
specifically need advice on how to set up my server/firewall etc. 

Here's my current setup: cable -> smoothwall box -> various machines
including my debian sid desktop, debian sid/etchish file/mail server,
wifey's winXP box, knoppmyth box, kids debian sid box. 

What I need: access to IMAP mailboxes from anywhere. I've already got
dyndns setup and functioning properly, so that's easy... now

Possible solutions:

1. use my smoothwall box as is, portforward IMAP to my server and run
   with it. potential problems are that my LAN, behind smoothwall, is
   pretty loosey goosey and I run a pretty good risk of being
   compromised, especially because I'm running a not-up-to-date sid
   server (driver issues during install, I could downgrade to testing
   now and solve that problem.)

2. use my smoothwall box as is, set up a DMZ and put another box
   online to be my IMAP server with a DMZ pinhole from the rest of my
   LAN to get mail while at home. Problem with this is I'd need
   another machine running, ugh, and I'm squeamish about setting up a
   DMZ and then circumventing some of that security...

3. redo my smoothwall box into a debian machine as a
   firewall/router/dhcp server/etc and put IMAP on that box. I could
   lock down that box pretty well and get rid of all kinds of stuff
   that I wouldn't need (like SSH as I'd never be sitting at that box
   and need to SSH to another, for example, though I'd still need sshd
   to get into the thing on occasion.)

4. other solutions like running those services that I want externally
   accessible in a chroot on one of these machines. maybe other kinds
   of weirdness, I don't know. 

My questions are: what do you all think of the above solutions? which
would you recommend? What are some other solutions I'm missing? What's
a good reference work for figuring this out? My concerns are security
for our quaint little home network without giving up its easy ad-hoc
nature.

thanks

A
