REPLIES TO EVERYONE, THANKS!
From: User (1_at_2.3)
Date: 02/18/05
- Next message: Robert: "Re: sent more than received"
- Previous message: User: "REPLIES TO EVERYONE, THANKS!"
- In reply to: User: "I Need a firewall recommendation."
- Next in thread: William Tasso: "Re: REPLIES TO EVERYONE, THANKS!"
- Reply: William Tasso: "Re: REPLIES TO EVERYONE, THANKS!"
Date: Fri, 18 Feb 2005 05:57:38 GMT
Here is a follow-up to everyone's replies.
First a clarification.
The servers are dual Xeon 2.88 machines so they are overkill as it is.
All the services listed will be running on ONE of the servers.
It will have one SMTP/POP email server (Rockliff Mailsite) serving up
multiple email domains. And it will be running IIS hosting different
web sites each with different IPs and FTP and remote admin. The
machine that is being replaced by this new one already has multiple
web sites and email domains as described - so I already know how to do
all this on one machine, but thanks for the informative replies
anyway…
The other server is running an app that uses one "weird" port, let's
say port 1234 and remote admin.
Joe
-----
I talked to the SonicWall folks and for a "low end" router the TZ170
looks pretty serious for a great price. And it will handle everything
I need to do here and the ability to filter spam/malware at the
firewall level (McAfee engine - would prefer the NOD32 engine though) is a
great feature. I am almost certainly going to go this route. Thanks
for the tip!
Leythos
-----------
You said - "do you really want to allow POP to the server through the
Public connection?"
Well yes. My company has a domain name that has emails associated with
it and I have users that need to read their email. I have had POP 110
open to the public for years now. Am I missing something here?
Smooter
http://m0n0.ch/wall looks cool!
I don't have the time to deploy this setup with something like that
but for future things like a better setup at the office putting an old
PIII 600MHz machine to use for something like that is an interesting
idea. Thanks for the tip.
William Tasso
-------------------
In response to my statement:
> All unneeded services will be turned off including windows file
> sharing.
You said:
"Are you sure? and incidentally, do you need to disable anything at all
if your servers are safely behind a good firewall?"
Well here is why.
These two machines will physically be on the same LAN behind the
firewall.
I don't need file sharing between them. So I was thinking that if one
was compromised it would be better to turn off Windows file sharing on
both machines to limit the possibility that the compromised machine
could be used to hack the second.
What do you think now that is clarified?
T. Sean Weintz
You said:
Not the way he described. 1 outside IP address, 1 port (port 80) being
natted to two different IP addresses - which one it gets natted to
depending on the URL that was requested. Not too many firewalls do
layer 7 aware natting like that.
Sorry for the somewhat vague first post.
Each web site/ ftp site will have DIFFERENT IP addresses.
------------------------------------------------------------------------------------------
So, right now it looks like the TZ170 unless further comments tell me
better.
This was my first post to this group.
It rocks!
Thanks everyone…