Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Is it a good idea to run all of the above in a one computer? Or should i buy another used computer which will just have router? And if i have a linux box as a router, can i use my other computer as a nameserver, and a webserver (because its going to have an ip like 192.168.0.1)? Which way is more secure?
I've got the hardware, just short in the talent pool (it's just lonely me in the shallow end). I need to place a http server behind a firewall, keep my named servers in a DMZ, and try to get mail to either a 'private' IP or just to a box behind a rugged, sniffing firewall.
I've read as many howto's as I can find, and my setups still fail. I've got five static IP's. I've used two of them for the name servers (I know... I should co-locate a name server.) The last time I attempted it I had a really funky routing problem that looked like it had potential as a totally unpredictable balancing firewall (ie: useless).
I understand both of you but as much as this is home use only, i think it would be a good idea to have as much security as i can... I am no expert on security, neither anything related to it but i think it would be a good practice for me to do them in two different boxes... I dont want to break any eggs. Ok now i've decided to have a linux box router, which services do you suggest for me to run on these? I was thinking of
P200, 3.2 GB, 64 MB = Router and name server
PII 450 10 GB 128 MB = Webserver, mailserver and ssh
Yep. Config looks good, but sshd on the firewall box would be handy as well. DENY port 22 on the 'public' interface if you don't need to manage it from the outside world.
thanks for replying mcleodnine
I do alot of traveling and i have to update the contents of my website (if i ever can get it up and running)... + I am going to be hosting a website for my brother and he does not know anything about linux... I am going to make a user account for him (obviously) and he can change contents from his computer.
Nabil,
I got the dns to work for the first time today . Boy does it feel good . But my bro bought another comp and he wants to use it to surf the net, and i bought another computer to use it as a router . I was just trying to figure out which services to run on which computers and i think the problem is solved.
And i owe a big thank you to you, Jamie, and Jeremy and everyone else who made this place possible for the newbies .
Cool,
Good for you.
If you need a very simple solution for a router, then get smooth wall..It is a linux firewall and a router. It is easy you can set it up in less than 10 minutes and have a working router with a firewall built in.
I agree, you have to decide just how important network security is to you.
If your a business then it means money and reputation when something goes wrong, if it's just a home LAN then it's just annoying and time consuming.
My job is to provide security for Banks in London and this is how you would roughly do it. "without going into too much detail"
============
Big Bad internet
============
|
HTTP in
HTTPS in
|
------------------------
Bank's FW
------------------------
DNS,
WEB
VPN tunnel to 2nd FW
------------------------------------- new network --------------
=================
Other trusted bank site
=================
|
VPN/IPSEC/FWZ
|
|
--------------------------
Banks 2nd FW
---------------------------
|
|
|
|
SMTP
VPN tunnels (DMZ)
|
------------------------
Banks 3rd FW
------------------------
|
IDS
VPN tunnel servers (IDZ + stateful inspections)
|
-------------------------
Banks FW
-------------------------
|
PDC's & POP, DNS cached, etc
Corporate internal IP's -------> red lines to transaction servers
Database systems
This is just a rough diagram, but it shows you the topology needed, also you don't put your public access sites anywhere near your private sites.
And you use the Mutilhomed firewall method with passive IDS and stateful packet inspection, using Cisco PIX and FW1 boxes with Rainwall and other Load balancing techniques.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
The last time I attempted it I had a really funky routing problem that looked like it had potential as a totally unpredictable balancing firewall (ie: useless).
. Boy does it feel good 
