Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


adding a linux firewall for exchange server

Posted on 2006-07-07
Medium Priority
Last Modified: 2010-03-18
Right now I have been asked to add a firewall to our network for our exchange server. We are running Exchange server on a stand alone server that also acts as a secondary dns server for our network. Is there a distro anyone would reccomend? Or is there any applications or services we should use in paticular?

Also what potential complications would there be running a firewall in front of our exchange server/secondary dns server?

Would it be much easier just to run a isa server instead?

Thanks for your help as allways!

Question by:Calv1n
LVL 19

Expert Comment

ID: 17061834
IPcop is very capable in these kinds of scenarios. Plug internet into 1 socket, LAN into the other. Point and click gui interface. For mail all you're going to need is port 25 open. 80 & 443 for the Outlook Web Access, and 53 for DNS.

Any linux distro can easily take care of this, but if you're not comfortable working command line, try something like SuSE which has a very easy to use graphical firewall control panel.

ISA (InSecurity &  Annihilation  server) is the worst kind, and avoided at all costs.
LVL 22

Accepted Solution

pjedmond earned 2000 total points
ID: 17069084
I particularly recommend smoothwall www.smoothwall.org, or Devil Linux www.devil-linux.org. Astaro linux is a superb (but commercial Firewall distribution - www.astaro.com).

Why use a dedicated linux firewall?:

1.  Minimal software on the box to be compromised.
2.  chroot setup minimises the software available to 'abuse' from 1 even further.
3.  Seperate box, so even if the firewall is compromised, the attackers still haven't gained access to corporate secrets.
4.   Can be used to provide a firewall/vpn capability without degrading your main server's capabilities.
5.   If you use an 'old' PC, then you can have a high quality configurable firewall virtually free of charge! How much will the isa server set you back?

(   (()
(`-' _\
 ''  ''

Expert Comment

ID: 17069395
If you are inexperienced at Linux I would recommend Smoothwall - http://www.smoothwall.org/ or IPcop as above, both are similar and capable linux based firewalls, Smoothwall has a free version as well as a commercial version. I have used both and both are good IMHO.

If you are hardcore I would recommend OpenBSD. You dont need much beyond the default install to have a highly capable firewall and it is one of, if not the most secure OS's there is.

I have to disagree with the previous comments on ISA server. It is a fine firewall - the big problem here is the underlying OS - You dont want to have reboot your firewall everytime MS puts out a browser patch. That said You can lock down ISA and Windows to make a secure it just takes alot longer than with a linux based system.

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Loops Section Overview
Suggested Courses
Course of the Month12 days, 11 hours left to enroll

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question