Thanks for the various suggestions... Appreciate it a lot, and now I am busy doing a lot of reading... and then off to the second hand computer stores.... :)))
Thanks /Bengt -----Original Message----- From: Paul Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 12:22 To: [EMAIL PROTECTED] Subject: Re: Firewall and Mailserver questions - suggestions wanted. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Aug 06, 2003 at 09:01:31PM +0900, Bengt Thur?e wrote: > web cache: squid > Ad removal: privoxy I recommend adzapper over privoxy, adzapper's easy to set up, easy to maintain. > miscelaneous: dns, ntp, seti Don't run seti on your firewall, best to leave it unburdened. > 1) Is this a good setup? Or overkill? total maybe 10 persons > to use mailserver in the beginning. It'll be easier and cheaper to configure and maintain if you make the box a firewall that just happens to be providing a few services. You'll still be better off than one of those Linksys boxes and way better than than a Windows box. > 3) On which computer should the squid, privoxy, and apt-proxy be > running? On outerfirewall or on webserver? Or should I > have a dedicated computer for this? If you're going to take the time and effort to have a DMZ sandwiched between two firewalls, might as well do it right and not run anything on the firewalls. > 4) Is there any idea of having a dedicated logserver? Probably overkill here. > 5) Mail server and web server? Should this be in the same > computer, or separate? More secure if they are in separate? Unless we're talking thousands of users here, one box is fine for both. > 6) Should I have the security stuff also on the dmz area? ? > 7) Is it recommended to configure cron-apt to run once a day, > and only install the security updates? Not recommended that you have it automate installation. - -- .''`. Paul Johnson <[EMAIL PROTECTED]> : :' : proud Debian admin and user `. `'` `- Debian - when you have better things to do than fix a system -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/McXKsClmdIs2Ki8RAjkPAKCAswrlXz3JeOiJ0iQnohkXEZV29QCeJKJ4 hd+inRKKAhI/8VAkyct9zgc= =K7ya -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
