Thus spake allen wayne best just ramblin in his amx:
> steve:
>
> i am not sure what you mean by forwarding. the two possibilities that come to
> mind are mail and ip forwarding. both are rather simple.
>
> suggestion. use kernel 2.4.x and qmail (in place of sendmail). kernel 2.4.x
> will let you use iptables (better flexibility and security, though the
> learning curve is steeper than ipchains, imho).
>
> on the mail server side, use qmail and follow the directions meticulously
> that are found at http://www.lifewithqmail.org/
>
> again, qmail is far and away more secure than sendmail. and it is almost a
> no-brainer to set up, if, and this is a big if, the instructions are followed.
> (after banging my head against sendmail a couple of weeks, i went to qmail
> and have never looked back. it now runs on all of my machines!)
>
> qmail is at http://cr.yp.to/qmail.html
>
> as to any other type of forwarding, i am not sure of the question. ip
> forwarding is fairly trivial. you don't need to set up any routes in
> particular (other than the gateway, which you've properly identified!) if you
> would like, i can send you my iptables setup script. (change the 192.168.10's
> to 192.168.1's and you will pretty much have a base to build upon.)
>
> as to hardware, purchase what you can afford. switches are faster than hubs
> if you need the speed. i personally use netgear hubs/switches and 3com nics.
> as to routers, you probably don't need one (your gateway and iptables does
> that work for you!) a hub/switch/router that has a firewall in it seems to me
> to be just another level of complexity that i don't need or want. my servers
> are running iptables and provide that feature. if some evil one gets through
> that, then it's my fault. and i would in all likelihood have made the same mistake
> on the device with a built-in firewall. so why? "kiss" seems to apply here.

Sorry, I should have been more clear - yes I mean IP forwarding. It
may do mail forwarding if any Win boxes end up on the LAN - be easier
to set up one box than a bunch, and my ISP's mailservers have dropped
a bunch of mails. Mail forwarding is no problem, and IP forwarding
really isn't either, although if you get a chance, I would appreciate
a copy of your iptables script as a starting point. So no route
adding - that's good at least.

As to the hubs, thanks, I'll look into it.

Steve
--
Two sure ways to tell a REALLY sexy man; the first is, he has a bad memory.
I forget the second.