[SunHELP] Configuration advice...

Marvin Cummings MarvinC at gmail.com
Wed Oct 13 15:13:50 CDT 2004


Thanks. With the exception of the 2nd private network this is the
setup I've been leaning towards implementing. I'd also like to know
what's the mindset on using either the Solaris or the Intel box as
the firewall. I've heard some complain that Solaris on the Intel sucks
in comparison to the Ultra Sparc. The HW for both are as follows:
Sparc: 440mhz w/768MB RAM & 8GB harddrive
Intel: PII 450mhz w/128MB RAM & 8GB harddrive

Me being a Windows guy and running ISA on a PIII 550mhz w/768MB of RAM
and a 27GB harddrive I've always heard that you didn't need much to
run a linux firewall. Is this the case with Sun? Will the PII suffice
or should I use the Sparc? I'm thinking I'd like to use the minimum to
get the firewall working and the other for Sendmail. Sendmail, again
will front-end and relay to exchange.

Thanks

On Wed, 13 Oct 2004 15:00:46 -0400 (EDT), Sandwich Maker
<adh at an.bradford.ma.us> wrote:
> " From: Marvin Cummings <MarvinC at gmail.com>
> "
> " Wondering if I can solicit some advice from the list on a setup I'm
> " thinking about implementing? My network is currently configured as
> " follows:
> " BellSouth DSL service
> " Linksys 4-port DSL router
> " Windows 2003 Active Directory w/AD an Integrated DNS zone
> " ISA 2000 firewall server
> " Windows 2003 web server
> " Exchange 2003 mail server
> " I have a Solaris Ultra Sparc 10 workstation and an intel box that I'd
> " like to also install Solaris 8 on.
> " The plan is to install and configure sendmail on one of these solaris
> " systems and place it in front of my exchange server. This would allow
> " me to remove the linksys router and possibly use Solaris as my sole
> " firewall/router and sendmail as a relay for my exchange server.
> " What I'd like to know is what others may think of using Solaris as a
> " firewall/router with a DSL connection? I'm sure it can be used for
> " other things but I'd like to know how effective it is as a router?
> " Right now I have the ISA server acting as a firewall with the linksys
> " in front of it. I'm not too happy about this configuration but can't
> " afford a hardware firewall solution.
> " If anyone has any documentation on configuring Solaris 8 as a
> " firewall/router and sendmail on Solaris 8 as a relay for Exchange I'd
> " really appreciate it. I'm using the Mastering Solaris 8 book published
> " by Sybex to gather some solid info on this but welcome any responses
> " or direction.
> 
> in addition to sunscreen there's also the very good but strictly
> command-line ipfilter firewall/nat.  http://coombs.anu.edu.au/ipfilter/
> 
> it's generally very bad form to do anything but firewalling - and
> maybe proxying - on your firewall.  the more it does, the more doors
> you leave open for attack and infiltration; the less it does, the
> easier it is to lock down.  don't run sendmail on your firewall or do
> firewalling on your sendmail box.
> 
> if you have the hardware --
> two private nets, one public facing, one private.
> on the public one:
> 1 mail server
> 1 web server
> 1 ftp server
> public dns server[s]
> etc.
> on the private one:
> desktops
> internal servers
>        home directories
>        tools
>        internal web
>        internal dns
>        internal mail, using the public mailsrv as relay
>        etc
> both nets firewalled from the internet -and- from each other.  all
> connection attempts from outside are either blocked or directed to
> machines on the public-facing net; those machines cannot originate
> connections into your private net.
> 
> why?  even attackers can get into your web server for legitimate
> queries.  but they can't use ftp [for example] to break into it, and
> if they do crack it they don't also get your mail or mailer and they
> still face a firewall protecting your private data.
> ________________________________________________________________________
> Andrew Hay                                  the genius nature
> internet rambler                            is to see what all have seen
> adh at an.bradford.ma.us                       and think what none thought
> _______________________________________________
> SunHELP maillist  -  SunHELP at sunhelp.org
> http://www.sunhelp.org/mailman/listinfo/sunhelp
>
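
Added example, not part of the original thread: an ipfilter ruleset (ipf.conf) sketching the two-net layout described in the reply above, with mail, web and DNS as the public-facing services. The interface names (hme0 = internet, hme1 = public-facing net, hme2 = private net) and all addresses are assumptions made up for illustration; NAT (ipnat.conf) and the ftp server are not shown.

```conf
# Constructed addressing (assumptions, not from the thread):
#   public-facing net 192.0.2.0/24: mail .25, web .80, dns .53
#   private net       10.0.0.0/24
# Filtering is done on the inbound side of each interface.
# Established connections are matched by the state table before these rules.

# --- hme0: internet side -------------------------------------------------
# Drop packets claiming to come from our own nets, then default deny.
block in log quick on hme0 from 10.0.0.0/8 to any
block in log quick on hme0 from 192.0.2.0/24 to any
block in log on hme0 all
# Outside connections may only reach the public-facing servers.
pass in quick on hme0 proto tcp from any to 192.0.2.25/32 port = 25 flags S keep state
pass in quick on hme0 proto tcp from any to 192.0.2.80/32 port = 80 flags S keep state
pass in quick on hme0 proto tcp from any to 192.0.2.53/32 port = 53 flags S keep state
pass in quick on hme0 proto udp from any to 192.0.2.53/32 port = 53 keep state

# --- hme1: public-facing net ---------------------------------------------
block in log on hme1 all
# Public-facing machines cannot originate connections into the private net.
block in log quick on hme1 from any to 10.0.0.0/24
# The mail relay and DNS server still need to talk to the internet.
pass in quick on hme1 proto tcp from 192.0.2.25/32 to any port = 25 flags S keep state
pass in quick on hme1 proto tcp from 192.0.2.53/32 to any port = 53 flags S keep state
pass in quick on hme1 proto udp from 192.0.2.53/32 to any port = 53 keep state

# --- hme2: private net ---------------------------------------------------
block in log on hme2 all
# Internal hosts may open connections outward, including to the public
# mail server on port 25 when using it as a relay.
pass in quick on hme2 proto tcp from 10.0.0.0/24 to any flags S keep state
pass in quick on hme2 proto udp from 10.0.0.0/24 to any keep state
```

No rule passes traffic from hme0 to 10.0.0.0/24, so a compromised public-facing server still sits behind the `block in log quick on hme1 ... to 10.0.0.0/24` rule.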
