[TriLUG] Server question

Jon Carnes jonc at nc.rr.com
Wed Nov 28 20:04:42 EST 2001


I agree with Chris that these should be setup in a DMZ.  You need to use
either the redir or ipvsadm to redirect the ports into your server or
servers in the DMZ.

In that way, if the server(s) are broken into, the hacker will still not be
able to access the machine.

For the DMZ setup you will need either a second firewall or a third network
card in your current firewall.

If you haven't played with the LVS stuff, you might want to look at it now.
You can add redundancy to your vital systems fairly easily (assuming you
have another PC that you can throw into the DMZ as a spare).

Jon
----- Original Message -----
From: "Mark" <mark at thefowles.com>
To: <trilug at trilug.org>
Sent: Wednesday, November 28, 2001 7:39 PM
Subject: Re: [TriLUG] Server question


> Chris,
>
> I am trying to set up the server for the high school - I have to setup
Apache,
> DNS and mail (qmail) --  Should I set these up on a DMZ server in front of
the
> firewall ?
>
> Thanks,
> Mark
>
> Christian J Hedemark wrote:
>
> > > This is probably a stupid question but can you have a web, DNS and
mail
> > > server behind a firewall that still has public access ?
> >
> > Not a stupid question.  Yes, you can do this.  I don't recommend putting
the
> > server behind the firewall on your private network if you can help it.
> > Instead I recommend a secure third leg network that is isolated so that
a
> > compromise of this server does not further compromise your network.
That's
> > the commonly accepted way of doing things.
> >
> > _______________________________________________
> > TriLUG mailing list
> > http://www.trilug.org/mailman/listinfo/trilug
>
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug




More information about the TriLUG mailing list