Very Computer

Hello list!

I need help in building a linux system that following things can do:
Mailserver,
Proxyserver,
Firewall

I want to use ADSL for external communication.
The network use Win NT Workstations, 2 NetWare 5 Server and two HP-UX
server.

I would give this job to external company. My location is germany
(Hannover).

All other tips to select the best software are welcome too!

Thanxs in advance.

Dirk Emmermacher
Lowersaxony gymnastics federation

Quote:> Hello list!

> I need help in building a linux system that following things can do:
> Mailserver, Proxyserver, Firewall

> I want to use ADSL for external communication. The network use Win NT
> Workstations, 2 NetWare 5 Server and two HP-UX server.

> I would give this job to external company. My location is germany
> (Hannover).

> All other tips to select the best software are welcome too!

> Thanxs in advance.

> Dirk Emmermacher Lowersaxony gymnastics federation

For the Mail Server:  Postfix is advised.
For the Proxy : try Squid. it's a good product, easy and strong.
For the Firewall over ADSL:  i advise you  to use Kernel  2.2.16-21,
the rpms from RedHat, it's ready for VPN/PPTP firewall/masquerading.
I'm building a similar network for a company and i've done this for myself
 and others...it works fine.
If u need help, dont hesitate. But setting up the Linux box is quite easy.
See you.

Hello starbux

Thanx for yout tip.

Best regards.

Dirk Emmermacher

You may want to consider using two machines for this.   IT's usually
considered a "Bad Thing" to run anything on your firewall.   An old 486 will
do your firewalling nicelly though, then you can use your other box for your
proxy and mail server.  I've always liked qmail, it's very secure right out
of the box, squid is a good proxy with lots of nice addons and ipchains is a
part of all the 2.2 kernels.  Good Luck.

                    Jason
    www.cyborgworkshop.com
...and the geek shall inherit the earth...

Hello Jason!

Its a good tip. I have more than enough 486 for this use.
Most of them have 8MB RAM and 400MB HDD. I hope thats allright for this
task...

Best regards.

Dirk Emmermacher

Quote:> Hello Jason!

> Its a good tip. I have more than enough 486 for this use.
> Most of them have 8MB RAM and 400MB HDD. I hope thats allright for this
> task...

Take a look at some links like "Coyote firewall" and "Linux Router
Project". They're typically single-diskette firewalls - you don't
need a hard disk, at all. Plus write-protect the floppy, and you're
a reboot away from a clean install.

If you're flush on 486/8MB/400MB machines, I'd also look into a
dedicated logging box. Have the firewall and DMZ machines log to
this box, and make sure that there's no other way in, besides the
console. That way, if someone does break in, they can't cover
their tracks by erasing/altering log files. 400MB is completely
inadequate to the task, but you can scavenge at least the one
from the floppy-based firewall, and maybe a few more.

Dale Pontius

Hello Dale!

A dealer have told me about this method using a diskette...
Its a really good method I think.

Quote:

> If you're flush on 486/8MB/400MB machines, I'd also look into a
> dedicated logging box. Have the firewall and DMZ machines log to
> this box, and make sure that there's no other way in, besides the
> console.

So I have to disable a shell for all users.
Whats about /etc/services? Must I disable any services? Root needs
telnet from console, or is it wrong?

That way, if someone does break in, they can't cover

Quote:> their tracks by erasing/altering log files. 400MB is completely
> inadequate to the task, but you can scavenge at least the one
> from the floppy-based firewall, and maybe a few more.

> Dale Pontius

Take care.

Dirk Emmermacher

...

Quote:> So I have to disable a shell for all users.
> Whats about /etc/services? Must I disable any services? Root needs
> telnet from console, or is it wrong?

Use SSH, not telnet. Keep as much *off* your firewall as
possible.

Dale Pontius