Re: [ILUG] Linux Proxy Server

From: Ciaran Mac Lochlainn (ciaran17 at domain eircom.net)
Date: Wed 25 Sep 2002 - 13:56:03 IST


Same here - first ever useful Linux box I installed, configured from
scratch. It took a good while to get the hang of the packages, but I was
able to re-install it and get it running in a few hours after a hard disk
failure, without having a backup to restore from. (I said I was a newbie)
It's very low maintenance.

The setup was RH 6.2, with squid, ipchains and a caching nameserver.
Originally I used diald to handle dialling on demand, but after the
reinstall I didn't bother with it, using the demand option in ppp. Red Hat
don't tell you about this (didn't at the time anyway) but it's a must.

The upgrade to RH 7.2 when it came out was a doddle. The only problems were
that it broke demand dialling and wiped the firewall rules, but I was able
to get demand working again by tweaking a few scripts, and I had a backup of
the rules.

It keeps itself patched too, via RHN and a simple home made cron job which
runs every night.

A few tips (YMMV) -

DO's
Read up on the packages you'll be using. Read up on security. Get your
distro patched before you put it live. Use a packet filter. Use ISDN (or
DSL if you can get it). Make a backup.

DON'Ts
Don't use a leased line. Don't get a static IP address (it attracts
rodents). Don't put up with an analogue line unless there'll be only one or
two users. Don't create lots of user accounts. Don't run packages/services
you don't need. Don't buy new hardware - you won't need it. A few gig (we
have 25 users and our 9 gig disk is mostly empty) of hard disk space will do
fine.

Hope that helps
Ciaran

----- Original Message -----
From: "Declan Grady" <Declan.Grady at domain nuvotem.com>
To: "Irish Linux Users Group" <ilug at domain linux.ie>
Sent: Wednesday, September 25, 2002 12:34 PM
Subject: Re: [ILUG] Linux Proxy Server

> I'd fully recommend squid as the proxy.
>
> Even with my newbie hat still firmly in place, I managed to get a box
> setup and running with redhat 7.0 and squid, together with some ipchains
> firewalling rules, and local caching dns, which auto-dials my isp when
> necessary.
>
> Good luck with it.
>
> Declan
>
>
> On Wed, Sep 25, 2002 at 11:46:02AM +0100, Hugh Mc Gauran mentioned:
> > I have been asked to implement an http/https/ftp proxy in work.
> > As well as that I've been given the go-ahead to research/implement a
> > Linux solution. I am looking at debian/redhat possibly with squid as the
> > proxy.
> >
> > Can anyone point me in the direction of a good resource that goes through
> > setting up/hardening such a box.
> > It is early days yet and I have not done a lot of research yet.
> >
> > Any help/pointers greatly appreciated.
> > --
> > Regards
> > Hugh Mc Gauran
>
> <snippity snip>


