Hi,
In gmane.user-groups.linux.ilug.general, you wrote:
> I have a PC dedicated to the firewall functions which is running RULE
> Linux as it is an elderly PII. PC1 is running Windows 2000 Professional
> and PC2 is running Red Hat FC 3.
> What I'm pondering on is which protocols should be running where? It
> seems to be that this configuration will work with either DNS or DHCP
> and with or without a Domain setup. So what would be the optimum way of
> configuring this set up?

Your firewall is the one which will be most prone to attack. For this
reason it is common practice to put as little software as possible on it
(e.g. remove the compiler, run few or no services). This is so that you
give the attacker as few attack routes as possible *and* if he does get in
by some means, to make it awkward for him/her to escalate privileges and/or
attack the rest of your network.

However, there's a question of balance. Your Windows machine will clearly
be reliant on the Linux ones. The firewall must be running for it to have
net access. If you want it to authenticate against an SMB domain, you must
have the Samba server on. If you need and run internal DNS, that'll have
to be up. If you have Samba on the other Linux machine, your Windows
machine might be reliant on both other machines. Same for email (assuming
you really need your own mail server, which you may not).

So, to use Windows practically, you could need all three PCs booted.
That's both wasteful and inconvenient, though maybe you don't mind for some
reason. If you put everything on the firewall you needn't have the other
Linux machine booted. You must also open ports between firewall and local
network to allow the services to work.

Personally, I run all these on my home firewall (the services are of course
blocked to the outside world) and have no intention of running two
always-on machines. But I guess it would be more secure to do things that
way.

Hope that helps,
Gavin
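
The "services on the firewall, open to the local network, blocked to the outside world" arrangement discussed in this message, as an added example that is not part of the original post. The interface names (eth0 for the Internet side, eth1 for the LAN), the subnet 192.168.1.0/24 and the helper names `gen_rules` and `wan_exposed` are assumptions; the second function audits a ruleset for INPUT rules that would admit new connections from the outside.

```shell
#!/bin/sh
# Added example. Assumed names: eth0 = Internet side, eth1 = LAN side,
# 192.168.1.0/24 = LAN subnet. Adjust before use.

# Emit an iptables-restore ruleset for a firewall that also hosts LAN services.
gen_rules() {
    wan=$1 lan=$2 net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP clients have no address yet, so match on the interface only
-A INPUT -i $lan -p udp --dport 67 -j ACCEPT
-A INPUT -i $lan -s $net -p udp -m multiport --dports 53,137,138 -j ACCEPT
-A INPUT -i $lan -s $net -p tcp -m multiport --dports 25,53,139,445 -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin and print every INPUT ACCEPT rule that could admit a
# new connection arriving on the WAN interface: rules that name that interface
# or name no inbound interface at all. Reply-traffic rules are skipped.
wan_exposed() {
    wan=$1
    grep -e '^-A INPUT .*-j ACCEPT' | grep -v -e '--ctstate ESTABLISHED' |
    while IFS= read -r rule; do
        case " $rule " in
            *" -i $wan "*) printf '%s\n' "$rule" ;;
            *" -i "*) ;;                      # bound to another interface
            *) printf '%s\n' "$rule" ;;       # no -i: applies to all interfaces
        esac
    done
}

gen_rules eth0 eth1 192.168.1.0/24   # print the ruleset for review
```

Piping the generated ruleset into `iptables-restore` as root loads it; piping it into `wan_exposed eth0` should print nothing, and any line it does print is a service reachable from the Internet side.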