On Tue, 2007-05-29 at 17:23 -0400, Michael.Coll-Barth@xxxxxxxxxxxxxxxxxxx wrote:
> Folks,
>
> I need a little guidance, not just a set of 'do this' instructions.
> Although, I won't toss those! :)
>
> I have built a small network at home for the family using five windows
> boxes and one Linux box. Currently, everything plugs into a DSL Modem
> for Internet connectivity.
>
> I would like to change this to have a Linux box ( Pentium II )
> residential serve as a gateway to provide firewall and proxy services.
> I suppose that it will also need to behave as a DHCP server? Will it
> need a second NIC installed that will attach to a hub for the other
> boxes? Is Fedora too big an OS for this? Something smaller, Ubuntu?
>
> In addition, it would be nice to have another Linux box ( Pentium III )
> acting as a web/db/file server. I plan to use Apache and Oracle for
> this. Is Samba still what I should use to store Windows files? Is
> there a mature IIS 6 'clone' or drop in replacement out there? I
> haven't looked for this yet, so, don't yell.
>
> Any thoughts and/or suggestions before I go off to RTFM?

Yes, you can use a Linux machine (Fedora, Ubuntu, whatever) as a
gateway/firewall.

You say that everything's plugged into your DSL modem. If that's the
case, then it's really a DSL modem/router and it should have a
reasonable firewall on it already. You just need to configure it
properly. It also is acting as a DHCP server, since your Windows boxes
can get to the Internet. I don't know which DSL modem you have, but if
it's one of the "brand names" (3-Com, Linksys/Cisco, etc), you should be
fine.

If you do use a Linux box, you need to configure it as a router, set up
iptables rules (firewall) and configure the DHCP server. It will need
two NICs in it (one for the public internet side and one for the private
LAN side).

Whatever you do, set up the firewall rules VERY strictly--especially
since your LAN is made up of Winblows boxes (an inherent security risk).
For my systems at home, the only outside-initiated connections I allow
are DNS (from my primary DNS servers) and ssh. ssh is only allowed from
a very restricted list of IP addresses such as my office, root is not
allowed to log in via ssh and you must use a passkey to get in.
Internally-initiated connections (in iptables' parlance, "established,
related") are permitted. Since my LAN at home is almost pure Linux
(well, one box is Xenified with Win2003 server as a fully-virtualized
domU), I'm fairly secure.

As far as using a Linux box as a file server for Windows, yes, Samba is
really the only way to go. In a small, home LAN, you can probably get
by with share- or user-based access rules (you don't need a domain
controller). It's not hard to set up.

----------------------------------------------------------------------
- Rick Stevens, Principal Engineer             rstevens@xxxxxxxxxxxx -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-       Microsoft Windows: Proof that P.T. Barnum was right          -
----------------------------------------------------------------------
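
The inbound policy described in the reply above (default drop, established/related traffic allowed, ssh only from a short source list, DNS only from named servers) written out for a two-NIC gateway, as an added example that is not part of the original message. The interface names, the LAN range, the allow-listed addresses and the function names gen_rules and audit_rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and addresses are
# constructed assumptions (RFC 5737 documentation ranges for outside hosts).
WAN_IF="${WAN_IF:-eth0}"            # NIC facing the DSL modem
LAN_IF="${LAN_IF:-eth1}"            # NIC facing the hub/switch
LAN_NET="${LAN_NET:-192.168.1.0/24}"
SSH_ALLOW="${SSH_ALLOW:-203.0.113.10 203.0.113.11}"
DNS_ALLOW="${DNS_ALLOW:-198.51.100.53}"

# Print the policy in iptables-restore format; nothing is applied here.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
EOF
    for ip in $SSH_ALLOW; do
        echo "-A INPUT -i $WAN_IF -s $ip -p tcp --dport 22 -j ACCEPT"
    done
    for ip in $DNS_ALLOW; do
        echo "-A INPUT -i $WAN_IF -s $ip -p udp --dport 53 -j ACCEPT"
        echo "-A INPUT -i $WAN_IF -s $ip -p tcp --dport 53 -j ACCEPT"
    done
    cat <<EOF
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

# Audit a ruleset on stdin: fail unless INPUT and FORWARD default to DROP
# and every INPUT ACCEPT rule on the WAN interface names a source address.
audit_rules() {
    awk -v wan="$WAN_IF" '
        /^:INPUT DROP/   { in_drop = 1 }
        /^:FORWARD DROP/ { fw_drop = 1 }
        /^-A INPUT/ && / -j ACCEPT/ && index($0, " -i " wan " ") && !/ -s / { bad++ }
        END { exit !(in_drop && fw_drop && bad == 0) }'
}
```

To apply it, enable net.ipv4.ip_forward and run gen_rules | audit_rules && gen_rules | iptables-restore as root. The "no root login" and "key only" parts of the policy are sshd_config settings (PermitRootLogin no, PasswordAuthentication no), not iptables rules.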