[NCLUG] Network configuration

dobbster dobbster at frii.com
Wed Oct 25 23:25:11 MDT 2000


> I suppose it depends on how much web traffic your company gets and how many
> current web hits you get; 256 K up is not all *that* much... you could use
> a 486 w/ 16 megs of RAM and saturate your DSL line (I've seen this done,
> BTW), so your Pentium with 96 megs will be more than adaquate.

I have no idea.  I need to somehow analyze the traffic on our current
servers...

Glad to hear that the Pentium should suffice.

> If I understand you correctly, this could get pretty messy... if you open
> up port 80 on the firewall, you can forward that port to one of internal
> machines... only one of them. Unless, of coures, you're running Apache on
> the firewall, but that kinda defeats the purpose of the firewall.

I didn't know that...  But if I run a single virtual server, it seems
like it might work.  The consensus received thus far is to have a DMZ,
so I might try to figure out how to arrange that instead.


> You can usually tell a "secure" environment from a non-secure one because
> they have ports that aren't in use firewalled, they're running a later
> version of Apache, and they're NOT running sendmail.
> 
> Qmail and Postfix rule the arena of secure MTAs, and you really are taking
> a hit security-wise if you run sendmail on your firewall... as long as
> you're learning about Linux, why not do some reading on Postfix/Qmail;
> they're not all that hard to configure, and I know for sure that Qmail has
> never been hacked (with some caveats).

Okay...  I am sold.  More reading yet.

> > So far, I've been using Mandrake 6.x/7.x.  I use the stock "secure"
> > kernel, and I have the services protected by
> 
> What is secure about the "secure kernel"?

Well, it says 2.2.15-4mdksecure.  Other than that I have no clue.

> Too bad you're not in SLO... you'd probably be interested in
> http://www.lug.calpoly.edu/sym/ ;-)

Definitely...  I wish they had something like that here!  How do people
learn all of this stuff, anyway?

Thank you very much for the feedback...

Mark (dobbster at frii.com)



More information about the NCLUG mailing list