David Kramer wrote:
> For years, I've had One Server To Rule Them All, with two network cards
> (one DSL-modem-facing, one intranet-facing leading to a hub),
> functioning as both firewall/NAT/server of many protocols. I have an
> old WAP plugged into the hub that I use for my laptop and Zaurus, etc.

The concept of One Server may be the first place to start your rethinking. I'd be inclined to divide things up into two parts: the services that you want to have available over the entire internet, and the services that are just for use in your house. Anything in the second category should run on a box BEHIND the firewall and NAT.

That would let you shorten the list of available services on the public server a bit. For instance, you probably wouldn't run NTP for the world. The non-secure IMAP and POP3 can also go. And you probably want BitTorrent to go to one of your user machines, not to the public server.

> I'm reading up on the whole DMZ concept, and it seems like a straight
> pass-through, so what does that buy you over hooking up the machine
> straight to the DSL modem? It means I don't have to configure
> individual ports to go to my server, but it adds no protection to my
> server either.

That's right -- on the typical router, the DMZ is just a straight pass-through with no security at all.

> I assume I should continue to run SuseFirewall on my server even if it's
> protected by the router, right? The router should block everything
> unwanted, and that would mean I could ease the load of the server quite
> a bit. Is it false security to run two firewalls doing pretty much the
> same thing, or is it a waste of CPU cycles?

Might as well keep both firewalls; it helps if you have made a mistake in the configuration of the Linksys. It wastes some CPU cycles, but you're not likely to have a shortage of them on a home server.

> Last one: So I guess my router will now get my static IP address, and I
> have to tell my server that its one and only interface is a 192.168.1
> address, right? Which is cool, because then I can remove one more card
> from that system and use just the ethernet jack on the motherboard.

Yes, exactly right. Remember to use a fixed address (in the 192.168 range) for it!

> - I'm 99% sure I'm gonna put a Hauppauge PVR-350 card in my server and
> add MythTV to its list of duties, and I will most likely be watching the
> content on my laptop elsewhere, so 5X the speed is a good thing.

I'd definitely do this on a separate box! MythTV will be a disk space and CPU hog.