I am not new to the networking world or Linux, but I am looking for a little
input in this instance. What I'm essentially trying to do is get a
locked-down network that is very secure and uses all services through a
central gateway, services such as DNS, Apache, NIS, NFS, Samba, NAT, and IP
Filtering. Now my first question is: is this set-up feasible from a
security perspective and/or feasibility in setup on a gateway machine?

DNS - Allow all internal machines to use this server as a name server and an
outside name (i.e. query the internal server to resolve names on the
internet) caching server.
Apache - Allow only internal machines to access this service.
NIS - Allow only internal machines to access this service.
NFS - only internal machines.
Samba - only internal machines.
NAT - "Masquerade" internal machines on the internet.
IP Filtering - Firewalling rules which drop any requests to the gateway
except for the above services to the internal net.

Now I've heard arguments about putting this particular mixture of services
on one machine, especially a gateway/firewall. Can someone substantiate
I will also be doing some port forwarding in the near future to distribute
some services offered by this one machine.
So can anyone share their thoughts on such a setup ... positive and/or
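
The service list in the post, written out as a default-drop ruleset. This is an added example and not part of the original post: it assumes iptables, eth0 as the internet side, eth1 and 192.168.1.0/24 as the internal side, and rpc.mountd and ypserv pinned to the constructed ports 32767 and 834.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the gateway policy above.
# Interface names, the subnet and the pinned RPC ports are assumptions. NIS
# (ypserv) and NFS (rpc.mountd) get dynamic ports from the portmapper unless
# pinned, and a port filter cannot cover them until they are.
gen_gateway_rules() {
    ext_if=$1; int_if=$2; int_net=$3
    # DNS 53, Apache 80, portmapper 111, Samba 137-139/445, NFS 2049, pinned RPC
    tcp_ports="53,80,111,139,445,2049,32767,834"
    udp_ports="53,111,137,138,2049,32767,834"
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $int_net -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $int_if -s $int_net -p tcp -m multiport --dports $tcp_ports -j ACCEPT
-A INPUT -i $int_if -s $int_net -p udp -m multiport --dports $udp_ports -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -s $int_net -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin and count INPUT rules that accept a service port
# without being bound to the internal interface. Anything above 0 means a
# service on the gateway answers on the internet side as well.
count_exposed() {
    awk -v ifc="$1" '
        /^-A INPUT / && /--dports?/ && /-j ACCEPT/ &&
        index($0, "-i " ifc " ") == 0 { n++ }
        END { print n + 0 }'
}

# Stand-alone use: ./gateway.sh eth0 eth1 192.168.1.0/24 | iptables-restore --test
if [ "$#" -eq 3 ]; then
    gen_gateway_rules "$@"
fi
```

Because each accept rule matches on both the internal interface and the internal source range, a packet arriving on the outside interface with a spoofed internal address still falls through to the DROP policy.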