[NCLUG] Network configuration

Quent quent at pobox.com
Wed Oct 25 21:34:07 MDT 2000


Sounds fun and cool!

FRII gave you a /26? That's a big chunk of IP space!

Now here's my 2 cents worth. Others will probably give much better
advice :-)

I wouldn't be surprised to see a P-75 firewall have idle CPU time
on a 256K line. It could also handle DNS for a few zones.

Since you don't have a large pipe to the Internet I don't think it makes
sense to build a web farm.  Why not use virtual sites on one server? Why
not build a faster machine, which could host multiple domains, and
spend way less on electricity?

Besides, how much web traffic can a 256K line handle? Remember that you
really only have 13Kbps of bandwidth and will pay extra money to FRII
for any average utilization that goes above that.  So now you're talking
about electricity, pain and hassle of multiple machines, ISP charges and
extra bandwidth utilization charges.  If you've got a bunch of domains
to web host, you might be better off going with a web hosting service
or collocation deal. On the other hand, it might just be a fun thing
to do! It all depends on what your goal is.

The "how-to's" on firewalls and ipchains are pretty helpful.  Learn as
much as you can!

I think I would put publicly accessible web servers on their own LAN
(i.e. a DMZ) and not on the same side of the firewall as my private stuff.

Make sure you have the latest DNS and don't run NFS or NIS on your
firewall or other publicly accessible machines. You might think about
using qmail or postfix instead of sendmail so you won't be caught by
the next security hole that's found :-)  Be careful with ftp too.
NIS gives me the willies.

A stock, non-firewalled Red Hat system is likely to be cracked within days
of being connected to the Internet.

With a little effort and time spent learning, you can set up
a good firewall and be pretty safe.

	Quent

On Thu, Oct 26, 2000 at 02:28:07AM +0000, dobbster wrote:
> Hi,
> 
> I would be very grateful for feedback on the following - I am a lone
> administrator and I have really no contacts in the Linux world...
> 
> At the Installfest I spoke with a number of folks about an ideal setup
> for a home-based network through a DSL line.  I recently obtained about
> 15 low-end Pentium systems at an auction and I'd like to turn them into
> multiple web servers with different DNS domains in my basement.  I also
> have a couple of higher-end systems for development, etc.
> 
> My ISP (FRII) gave me a 64 address subnet to use.  I was planning to run
> the DSL router (Cisco 675) into a dual-homed P-75 with 96 MB RAM.  This
> system would be my firewall and possibly my DNS server.  The other
> interface would connect to a 10baseT hub for the basement (my "server
> closet") which in turn would connect into a hub for the upstairs, where
> I keep my "workstations".
> 
> My questions are: 
> 
> 1. Does this seem like a sensible arrangement?
> 
> 2. I think my DSL line is something like 768K/256K download/upload. 
> Will having a P-75 as my firewall system slow down my network?  Can
> these older systems handle other services such as DNS and NIS without
> bogging things down?
> 
> 3. Regrettably, I've never configured a firewall before...  I was
> planning to use the guidelines from O'Reilly's "Linux Network Admin
> Guide" and the HOWTOs...  Will this suffice?
> 
> 4. I was hoping to set up DNS, sendmail, NIS, NFS, and automount.  I
> know how to do this with HP-UX but I have limited experience in Linux (I
> have done a bit with all of these services though).  Does this seem
> sensible?
> 
> 5. I am definitely not a newbie, but I am also not an expert at this
> stuff.  Will I survive???
> 
> Thank you in advance for any help or advice...
> 
> Mark (dobbster at frii.com)


