Samba share in DMZ

From: Emmanuel van Hecke (evh_at_leafletsolutions.com)
Date: 02/22/04


Date: 22 Feb 2004 07:35:08 -0800

Hi,

Our customer wants to have a Linux HTTP server (in the DMZ) that
includes in its PHP pages HTML code generated in real time by a
Windows COM+ service (running on Windows 2000 Advanced Server or
Windows Server 2003).

The customer doesn't want to redirect external HTTP requesters to the
IIS of the Windows machine (this was our first proposal, but they
don't want a (vulnerable) Windows machine in the DMZ).

Because the pages are dynamic, we want to have both a secure and fast
solution. It would be great to be "mainstream" and simple to
implement.

We thought of using Samba to share a drive between the Linux and
Windows machines. The COM+ service would generate the HTML code on
request and write it to the share for the synchronized Linux process.

Some silly questions:
1) May the Windows machine be behind the firewall and still provide
first class security or does it have to be in the DMZ also?
2) On which machine has the share to be done? Does it have an impact
on performance?
Which is the disk format best suited? May we use NTFS or is FAT
mandatory? (knowing that the Linux would only read the generated
pages)
3) We understand it is possible (and recommended) to secure Samba. Are
those software settings enough or do we have to combine them with
multiple Ethernet cards, etc.?
4) Copying from Windows to Windows through the wire seems to be faster
in "native" mode than copying the same files using Samba (Windows to
Red Hat Linux): about twice as fast. Is this due to a poor
implementation or is there a performance penalty even with recent
Samba code? We expect there shouldn't be.
5) Instead of using Samba, the customer proposes to send the files
with FTP from the Windows machine to the Linux machine. We think this
is much slower, more complicated and not more secure than Samba
(when both are configured securely). Who is right?
6) How frequent is our case? How do the others do? Can Windows and
Linux coexist peacefully or is exposure to the external world only
possible for homogeneous configurations?

Thanks for your comments and help

Emmanuel van Hecke


