Re: Firewall and email/file servers on same machine?

dale_at_edgehp.invalid
Date: 01/20/05
Date: Wed, 19 Jan 2005 20:13:37 -0500

In article <34vlp4F4fafepU1@individual.net>,
        "markp" <map.nospam@f2s.com> writes:
> Thanks to all who replied. From what has been said I think I'll set up a
> firewall only machine and do all the file and email serving locally on
> another machine.
>
> Mark.
>
> "markp" <map.nospam@f2s.com> wrote in message
> news:34sdcmF49roq7U1@individual.net...
>> Hi all,
>>
>> I'm thinking of adding a linux based firewall to my home network, probably
>> on a mini-itx machine. I also need an email server and a file server that
>> can be accessed via a VPN.
>>
>> Is it better from a security point of view to have physically separate
>> machines for the firewall and servers, or can these be in the same
>> physical machine without compromising security? I've heard that physically
>> separating them is good practice, but is there a genuine security reason
>> or is this just a maintenance issue?
>>
It has always been a truism that a firewall machine should be ONLY a
firewall machine. That's also not necessarily a reasonable situation
for a home machine. Assuming you've decided to find space for an extra
machine, it then becomes necessary to find space for 2 machines. And
while we're at it, it would REALLY be better to have a dedicated logging
host that accepts NO incoming connections, just a console, etc. It can
get out of hand, rapidly.

So let's take a slightly different situation...
About May 2003, I finally decided that maintaining a tight enough
firewall/server (Yes, I had space for *one* spare machine.) took more
due diligence than I really wanted to spend. So I bought a little blue
box, by Netgear. Actually, I specifically went up a few notches, and
got one with SPI, and other features that could almost make up for not
having a fully programmable firewall. Considering the events of Summer/
Fall 2003 I'm quite glad I got it.

It has always been my intent to re-open some remote connections, so I
can get to my machines at work or when travelling. I haven't gotten
around to it yet, so I have a hardware firewall and behind that a dual-
homed server that can be turned into a secondary firewall.

Any comment on using a combination of secondary firewall that also
provides home LAN (no external) services? If/when I allow any sort of
external connection, it will probably only be a filtered OpenVPN
endpoint.

Dale Pontius
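As an added illustration of the arrangement in that last paragraph (not code from the post), here is an nftables ruleset for a dual-homed box that offers services only to the home LAN and exposes nothing externally except an OpenVPN port. The interface names and the service ports are assumptions; 1194/udp is OpenVPN's registered default.

```nft
#!/usr/sbin/nft -f
# Assumed interface names (not from the post): eth0 = external side facing the
# hardware firewall, eth1 = home LAN, tun0 = OpenVPN tunnel interface.
flush ruleset

table inet secondary_fw {
    chain input {
        type filter hook input priority 0; policy drop;

        # Replies to our own connections, and loopback
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # External side: the OpenVPN endpoint is the only thing reachable
        iifname "eth0" udp dport 1194 accept
        iifname "eth0" drop

        # Home LAN side: ssh, SMTP, IMAP, SMB file sharing, ping
        iifname "eth1" tcp dport { 22, 25, 143, 445 } accept
        iifname "eth1" icmp type echo-request accept

        # Authenticated VPN clients see the same internal services
        iifname "tun0" tcp dport { 25, 143, 445 } accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # Only tunnelled traffic may be routed into the LAN; never eth0 -> eth1
        iifname "tun0" oifname "eth1" accept
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Load it with `nft -f` and check the result with `nft list ruleset`; anything not explicitly allowed on eth0 is dropped by the per-interface rule before the chain's default policy is even reached.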


