Re: Advice needed for network planning (Firewall, Proxy, DNS, DHCP, SMB, FTP, HTTP, SSH, VPN)



On Sep 22, 6:15 am, "Tom" <n...@xxxxxxxxx> wrote:
Hello folks!

I am administering a small Network with some Linux boxes as servers and some
Windows based clients.
Now I am thinking about expanding this network with some additional
features.
The purpose of my thread is to get some advice from you guys on how you would
set this whole thing up, concerning the architecture of the network.

************
For the moment the network looks like this:

1. Linux box with 2 NICs:
- Firewalling between NIC1 (Internet Modem) and NIC2 (LAN)
- DNS
- DHCP

2. Linux box:
- Samba, being the fileserver for the network as well as the PDC and
WINS

3.-7.: Windows clients
************

Now my situation is the following:
- I want to add the following servers:
- FTP
- HTTP
- VPN having access to the windows domain of samba
- Proxy
- I have 2 further PCs at my disposal (ranging from 400MHz to 850MHz)

My question is how I should design this network to make most sense in
terms of security and network logic. For instance a question would be if I
can set up the Proxy on the same box as the firewall with its two NICs, or
if I should move it to a separate PC having also 2 NICs, and to connect its
NIC1 to the firewall and its NIC2 to the LAN.

For instance: Does it make sense to do the following:

DSL----(NIC1)[Linux1 being Firewall](NIC2)----(Nic1)[Linux2 being Proxy](Nic2)----LAN
on the LAN-Switch connected:
- Linux3 being: HTTP, FTP, DNS, DHCP
- Linux4 being: SMB PDC
- 5 Win clients

or is that much too complicated and overkill?
How would you design the network with the given hardware?
Where would you place the VPN-server which should have access to the shares
on the SMB-fileserver?
Could I still pass via SSH from internet to the Linux boxes everywhere?

Thanks for any idea
Tom

On Linux 1 box set up the additional servers = VPN and Proxy

On Linux 2 box set up the additional servers = ftp http

My setups generally go like this:

1) Install Mandriva on Linux 1 box. Set up shorewall(firewall),
squidproxy(proxy), OpenVPN(VPN).
2) Install Mandriva on Linux 2 box. Set up apache(http), proftp(ftp).

Heck, you could use a third Linux 3 box if you wanted strictly for
SAMBA(Windows authentication and file sharing).

There have been times when I installed the following servers on a
single Linux box: ftp, http, vpn, firewall, email, proxy, and VoIP
(maximum of 6 simultaneous users). The machine was piecemeal with a
rather small hdd and slow processor with 512RAM. The system supported
roughly 30+ users with no complications or degradation - so long as I
remembered to clear out the logs and squid cache from time-to-time.
It really comes down to what you want to "try out" for learning
purposes...

Your plans are quite commendable - good luck!

Deion "Mule" Christopher
