Multihome advice - Level Extreme

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

Multihome advice

Message

From

11/02/2002 15:30:11

Jerry Kreps
Nebraska Dept of Revenue
Lincoln, Nebraska, United States

11/02/2002 12:59:18

Michael Copeland
Genesis Group
Bartlesville, Oklahoma, United States

General information

Forum:

Linux

Category:

Networking, Installation and Administration issues

Title:

Re: Multihome advice

Miscellaneous

Thread ID:

00618167

Message ID:

00618548

Views:

Terry & Mike,
I am curious... were you folks using a firewall on the box that the DSL was connected to, with IP Forwarding on?

I've been running a Cisco 657 from ISP digital phone line, setup as a DHCP server, connected to eth0 on my SuSE 7.1 server. The SuSE has a firewall with ipchains and IP Forwarding on, and with eth1 connected to a NetGear router, to which other boxes on the intranet are connected. It's up 24/7 (nearly 70 days since the last thunderstorm - my server go down for thunderstorms :) and I haven't had a single breakin yet, although my logs show occasional tries. All I'm using is sendmail. What's the diff between my setup and you guy's?
JLK

>>I have a RedHat 7.2 installation with two cards that I am hooking to my DSL >connection.
>>
>>we exposed our mail server and it got hyjacked :-(
>>
>>Thanks VERY much in advance.
>>
>>Terry
>
>
>Terry,
>
>My advice is to save yourself a LOT of trouble and put a simple, $80 router between your DSL modem and your network Hub. I have installed 8 RH boxes in exactly the way you described above and found that:
>1. There is an ongoing maintenance issue as new versions of the servers (Apache, Sendmail, etc) are released to address security holes. If you don't upgrade, you risk being hacked since your RH box is completely exposed to the Inet.
>2. The setup on the router is MUCH simpler and more flexible (maybe I should say "EASILY flexible") than configuring your RH box.
>3. You can take down the RH box and work on it without depriving your network users their access to the Inet.
>4. Assuming that a Linux box can be used like a Swiss Army knife, while "nifty", is as goofy as assuming that Windoz will -someday- be stable and reliable. In other words, for each task use the best solution and don't force an oval peg in a round hole. It may fit, but you'll expend unecessary effort.
>
>The Linksys #BEFSR11 Router is rock-solid, very configurable, and inexpensive. It's been the best $80 I've spent on setups that are exactly like you are describing.
>
>I've converted 7 of my 8 installations to use this approach and it's a HUGE improvement. (And yes, I had two servers hacked because I didn't keep the distro's and/or server software on the RH boxes updated.)
>
>Hope this helps.
>
>Mike

Nebraska Dept of Revenue

Map

View

Click here to load this message in the networking platform