Re: Advise on setup of small office locally or via VPS
On Wed, 18 Mar 2015 03:58:02 +0000, Dan Purgert wrote:
<snip>
> I read it as you were /planning/ on using a Debian box for routing and
> firewall (and then switched gears to "what's a good appliance?" midway
> through the writing), which is why I asked.
>
> Honestly, unless you already have said box ready to go, I would skip it
> and just use an appliance (e.g. the UBNT Edge Router). Less to go wrong
> / muck up.
I don't have such a box so I would rather use an appliance as you
suggested.
>> Thanks, looks like a simple and adequate solution.
>
> Yeah, they're a bit more than "adequate" -- they rival equipment put out
> by other vendors that's several times more expensive (IIRC, "cheap"
> Cisco kit is like 500-1000 USD).
Yes, I really liked the specs.
> Note - I'm in the USA, perhaps your local ISP's equipment isn't as
> rubbish as the ones here. Best way to figure it out is by finding out
> what they'd supply, and then digging up discussions about it on google.
Indeed, I will look at the router type and see what google comes up with.
> What I meant was that if you're putting a "local" server into a DMZ area
> already (because it's public facing), adding that extra internal server
> seems to be adding complexity for the sake of complexity, and wouldn't
> be offering you any benefits -- this also ties in with your webmail
> solution, if you choose to also have that going.
>
> Now, if you were a bigger company with two or more sites that happen to
> be somewhat distant from one another, then running a relay would be
> beneficial (as users would all be hitting their "local" mail server,
> instead of /everyone/ needing to hit the server at your HQ site).
That's a valid remark. I will opt to leave the mailserver on the VPS for
the time being.
> You've already got a frontend for them (hint - "roundcube")
Yes, I just need to find a good plugin allowing for the users to change
their password.
> Probably not. I mean, yeah some of the syntax for the config files may
> have changed, but LDAP is still LDAP ... so the core principles of the
> setups will be the same.
I dug up my notes and I have found some ldif files and procedures.
I'm good to go.
> emacs :)
Hehe, I have tried it once. I should take the time to give it a more
thorough try.
> Git works well with source code, I'm not really sure how well it works
> outside of that (e.g. ODT files). I imagine that it would provide
> "some" of the functionality you're looking for, but possibly not all of
> it.
>
> For simple text files, I've taken a liking to rcs. One of the guys here
> (or on one of the other newsgroups I haunt) had a decent basic wrapper
> for it too.
I don't know rcs. I will have a look at it.
> Well, not so sure about the extra firewall in the mix there - I mean,
> yeah you'll have one on site likely as part of your router appliance ...
> but that's pretty much a given these days anyway.
>
> Or are you planning on throwing a firewall somewhere else, such as
> between the LAN and the file server (and if so - why?)
I would hook up the firewall after the ISP router, before the LAN.
The routers of ISPs here only have very basic firewall capabilities.
I would rather use my own device to protect the LAN.
And it gives me a chance to learn the UBNT Edge router.
> They'll definitely make it to your ISP. Whether or not your ISP will
> relay them as "yourdomain.com" or
> "our-ip-address-block.somewhere.ISP.com"
> is something you'll have to check with them though ...
>
> Really about the only guaranteed way of getting that would be to own an
> actual block of IPs (i.e. bought directly from one of the number
> registrars ... ARIN or RIPE or one of their delegated subsidiaries).
> But in doing so, you're talking about buying something like a /20 (or
> whatever their currently "smallest" allocation is).
A big block is going to be overkill so I'll have to get by with whatever
my ISP offers me. If I have a couple of IPs, it's enough for the public
services I have.
Regards,
Benedict