
recommended network/server layout for website, email, and backup hosting



Hi,

I would like to host several low-traffic web sites at my home with some older 
computers (400 MHz P2) that I have lying around.  I would like to get some 
recommendations on effective ways of setting up my set of computers that 
would provide a web server, an email server and backup servers.

A big reason for doing this is to learn more about what all is involved, and I 
don't mind digging into details, but I would like to ensure that I am reasonably 
aware of what I am getting into and of potential pitfalls and security issues.

I have a static IP with an IPCOP firewall (with 3 NICs), and an internal LAN 
with several machines running Debian behind the firewall.  Nothing is hanging 
off my DMZ right now.  I block everything coming into my firewall except ssh 
traffic.

These web sites would be publicly accessible with low traffic volumes.  In 
addition, I foresee email hosting for each of the domains.  I would not have 
that many email accounts (not more than 10-20).  I figured that exim with the 
ability to do multiple hosting would suffice.  I would probably set up a 
couple of mailing lists as well using something like mailman.  I would like to 
set up my email server with IMAP and POP capabilities for both the publicly 
accessible domains and my own personal email access.  I would like to have a 
couple of machines set up in my LAN that would be able to provide two 
levels of backups for my configurations, both internal LAN backups and DMZ 
level backups (web server and email server).

Initially, I was thinking that I would put two machines in my DMZ zone, one 
acting as a web server and one acting as an email server.  My two backup 
machines would be in my LAN along with my fileserver and another development 
machine.

Regarding server security (email and web server), I have the following 
questions:

1.  Because the machines are slow, would it be better to have the two machines 
do some sort of load balancing or would it be better to have a separation of 
responsibilities?

2.  Would it be better (security-wise) to have my email server located in my 
LAN and not in my DMZ zone and just tunnel port 25 traffic through?

3.  I know nothing about DNS, and figured that I would let someone like 
no-ip.com provide this service for me.  Or would it be fairly straightforward 
to do my own DNS hosting and combine two of my machines for doing primary and 
secondary DNS with other responsibilities, i.e. email/DNS on one machine, 
DNS/web server on another?  Is it possible to have my DNS machines inside my 
LAN, or is it necessary to have both primary and secondary DNS machines in my 
DMZ for better security?

4.  For IMAP and POP stuff, can the IMAP server be inside my LAN and access be 
tunneled through as needed?

5.  Should any server, i.e. mail, IMAP, POP, web, be located in the DMZ zone so 
if they are hacked, my internal LAN machines are safer?

6.  Are there some suggested or best practices for having my machines in the 
DMZ access my backup servers?

Thanks,

John


