List:       linux-ipchains
Subject:    [ipchains] Basic configuration questions
From:       Josh Kuperman <sar_kuper () sals ! edu>
Date:       1999-04-23 16:00:51

I set up one small machine running Linux which currently serves two
purposes: masquerading a few machines and running a Squid proxy server. It
works well enough, but I don't think it will be adequate to support the
number of users I have and I suspect it is not secure enough to use once I
get a registered domain and start supporting e-mail.

I would like to set up a more full conventional Internet site setup. I
would like almost all the normal services (mail, http, dns, dhcp, http
proxy-server, etc.) to be running on machines inside my firewall.
To do this I plan to run a Linux machine that does nothing beyond providing
the firewall with IPchains and whatever else is needed to support that. 

[inside]<->[firewall machine]<->[Internet Service Provider]

The questions:

1. Will it create any problems to have Public IP addresses and Private IP
addresses on the same network? Presently, I'm only firewalling private
addresses and most of the sample IPchain rules I see glancing over the list
tend to be for Private addresses. I assume I can set up rules just as
easily for public addresses. 

2. How powerful a machine do I need? I want to know how much memory and
disk space I need to plan for as a function of the number of users. I'm
assuming about 150 users, half of them really just using web browsing
through a proxy server (most likely Squid). I want one machine to be
running just as my firewall machine. I'm hoping to use an old P75 computer
with two fiber adapter cards and about 16M of RAM. Is this reasonable?
Could I get away with a less powerful machine? Should I be looking at
setting it up as a diskless router?

3. Are there any special security risks I need to be aware of? What
services do I need to run on a machine used only for masquerading? I am
figuring with one machine dedicated to the firewall and masquerading
functions I can greatly increase my security since I should be able to stop
anyone from getting into my actual servers. 

4. Am I going to add headaches by having, for example, sendmail running
inside the firewall? 

--
Josh Kuperman        Saratoga Springs Public Library
sar_kuper@sals.edu   49 Henry St  
518.584.7860x211     Saratoga Springs, NY 12866
http://www.library.saratoga.ny.us 