On Wed, 16 Aug 2000, Joseph S. Gardner wrote:

> Is it practical / advisable to set up a single machine to act as
> a firewall/email/web server or am I looking for MAJOR trouble.

Traditionally, a firewall should have nothing but ssh running on it. If
the e-mail/web services are compromised, the firewall can also be
compromised.

It is OK to run them all on the same box if you believe your web/e-mail
server software to have no flaws in them that allow root access or
anything like that. But many times that is not true, and it is possible
for an attacker to break in through sendmail or something, and turn off
the protection of the firewall, compromising the entire network. I
appreciate your concern for this. I recommend buying a Linksys
(www.linksys.com) Broadband router anyhow, and remap the ports through that.
You can use that as a firewall, and then map the smtp (25) port and the
http (80) port to the proper server machine. That way, at most, you
compromise only 1 machine.
 
> 
> I'm trying to run a SOHO with limited resources/computers but
> still need all the goodies.
> 
> Thanks,
> 

-- 
Regards,

Ellick Chan
[EMAIL PROTECTED]
Aug 16


