recommended network/server layout for website, email, and backup hosting
Hi,
I would like to host several low traffic web sites at my home with some older
computers (400 MHz P2) that I have lying around. I would like to get some
recommendations on effective ways of setting up my set of computers that
would provide a web server, an email server and backup servers.
A big reason for doing this is to learn more about what all is involved, and I
don't mind digging into details but would like to ensure that I am reasonably
aware of what I am getting into and potential pitfalls and security issues.
I have a static IP with an IPCOP firewall (with 3 NICs), and an internal LAN
with several machines running debian behind the firewall. Nothing is hanging
off my DMZ right now. I block everything coming into my firewall except ssh
traffic.
These web sites would be publicly accessible with low traffic volumes. In
addition, I foresee email hosting for each of the domains. I would not have
that many email accounts (not more than 10-20). I figured that exim with the
ability to do multiple hosting would suffice. I would probably set up a
couple of mailing lists as well using something like mailman. I would like to
set up my email server with imap and pop capabilities for both the publicly
accessible domains and my own personal email access. I would like to have a
couple of machines set up in my LAN that would be able to provide two
levels of backups for my configurations, both internal LAN backups and DMZ
level backups (web server and email server).
Initially, I was thinking that I would put two machines in my DMZ zone, one
acting as a web server and one acting as an email server. My two backup
machines would be in my LAN along with my fileserver and another development
machine.
Regarding server security (email and web server), I have the following
questions:
1. Because the machines are slow, would it be better to have the two machines
do some sort of load balancing or would it be better to have a separation of
responsibilities?
2. Would it be better (security wise) to have my email server located in my
LAN and not in my DMZ zone and just tunnel port 25 traffic through?
3. I know nothing about DNS, and figured that I would let someone like
no-ip.com provide this service for me. Or would it be fairly straightforward
to do my own DNS hosting and combine two of my machines for doing primary and
secondary DNS with other responsibilities, i.e. email/DNS on one machine,
DNS/web server on another? Is it possible to have my DNS machines inside my
LAN, or is it necessary to have both primary and secondary DNS machines in my
DMZ for better security?
4. For imap and pop stuff, can the imap server be inside my LAN and access be
tunneled through as needed?
5. Should any server, i.e. mail, imap, pop, web, be located in the DMZ zone so
if they are hacked, my internal LAN machines are safer?
6. Are there some suggested or best practices for having my machines in the
DMZ access my backup servers?
Thanks,
John