Re: fedora as a gateway / server

On Tue, 2007-05-29 at 17:23 -0400,
Michael.Coll-Barth@xxxxxxxxxxxxxxxxxxx wrote:
> Folks,
> 
> I need a little guidance, not just a set of 'do this' instructions.
> Although, I won't toss those!  :)  
> 
> I have built a small network at home for the family using five Windows
> boxes and one Linux box.  Currently, everything plugs into a DSL Modem
> for Internet connectivity.  
> 
> I would like to change this to have a Linux box ( Pentium II )
> residential serve as a gateway to provide firewall and proxy services.
> I suppose that it will also need to behave as a DHCP server?  Will it
> need a second NIC installed that will attach to a hub for the other
> boxes?  Is Fedora too big an OS for this?  Something smaller, Ubuntu?
> 
> In addition, it would be nice to have another Linux box ( Pentium III )
> acting as a web/db/file server.  I plan to use Apache and Oracle for
> this.  Is Samba still what I should use to store Windows files?  Is
> there a mature IIS 6 'clone' or drop in replacement out there?  I
> haven't looked for this yet, so, don't yell.
> 
> Any thoughts and/or suggestions before I go off to RTFM?  

Yes, you can use a Linux machine (Fedora, Ubuntu, whatever) as a
gateway/firewall.  You say that everything's plugged into your
DSL modem.  If that's the case, then it's really a DSL modem/router
and it should have a reasonable firewall on it already.  You just
need to configure it properly.  It also is acting as a DHCP server,
since your Windows boxes can get to the Internet.  I don't know which
DSL modem you have, but if it's one of the "brand names" (3-Com,
Linksys/Cisco, etc), you should be fine.

If you do use a Linux box, you need to configure it as a router, set up
iptables rules (firewall) and configure the DHCP server.  It will need
two NICs in it (one for the public internet side and one for the private
LAN side).

Whatever you do, set up the firewall rules VERY strictly--especially
since your LAN is made up of Winblows boxes (an inherent security
risk).  For my systems at home, the only outside-initiated connections I
allow are DNS (from my primary DNS servers) and ssh.  ssh is only
allowed from a very restricted list of IP addresses such as my office,
root is not allowed to log in via ssh and you must use a passkey to get
in.

Internally-initiated connections (in iptables' parlance, "established,
related") are permitted.  Since my LAN at home is almost pure Linux
(well, one box is Xenified with Win2003 server as a fully-virtualized
domU), I'm fairly secure.

As far as using a Linux box as a file server for Windows, yes, Samba is
really the only way to go.  In a small, home LAN, you can probably get
by with share- or user-based access rules (you don't need a domain
controller).  It's not hard to set up.

----------------------------------------------------------------------
- Rick Stevens, Principal Engineer             rstevens@xxxxxxxxxxxx -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-         Microsoft Windows:  Proof that P.T. Barnum was right       -
----------------------------------------------------------------------
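
The firewall policy described in the reply above (default deny, replies to internally-initiated traffic allowed, outside-initiated access limited to DNS from the primary servers and ssh from a short address list), written out as an added example that is not part of the original post. The interface names, LAN range and all addresses are assumptions and constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original post). Interface names and addresses
# are assumptions / constructed sample values; replace them with your own.
WAN_IF="eth0"                            # NIC facing the DSL modem
LAN_IF="eth1"                            # NIC facing the private LAN
LAN_NET="192.168.1.0/24"                 # private LAN range
SSH_ALLOWED="203.0.113.10 203.0.113.11"  # only these hosts may open ssh
DNS_PRIMARIES="198.51.100.53"            # primary DNS servers allowed in

# Print an iptables-restore ruleset: default drop, replies to our own
# traffic allowed, and outside-initiated access limited to the lists above.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
EOF
    for src in $DNS_PRIMARIES; do
        for proto in udp tcp; do
            echo "-A INPUT -i $WAN_IF -s $src -p $proto --dport 53 -j ACCEPT"
        done
    done
    for src in $SSH_ALLOWED; do
        echo "-A INPUT -i $WAN_IF -s $src -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    done
    cat <<EOF
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset only when asked, so the file can also be sourced.
case "${1:-}" in --print) gen_ruleset ;; esac
```

As root, pipe the `--print` output into `iptables-restore --test` to check it before loading, and enable routing with `sysctl -w net.ipv4.ip_forward=1`. The ssh half of the policy (no root login, key only) is set in sshd_config with `PermitRootLogin no` and `PasswordAuthentication no`.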

