adding a linux firewall for exchange server

Posted on 2006-07-07
Last Modified: 2010-03-18
Right now I have been asked to add a firewall to our network for our exchange server. We are running Exchange server on a stand alone server that also acts as a secondary dns server for our network. Is there a distro anyone would reccomend? Or is there any applications or services we should use in paticular?

Also what potential complications would there be running a firewall in front of our exchange server/secondary dns server?

Would it be much easier just to run a isa server instead?

Thanks for your help as allways!

Question by:Calv1n
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 19

Expert Comment

ID: 17061834
IPcop is very capable in these kinds of scenarios. Plug internet into 1 socket, LAN into the other. Point and click gui interface. For mail all you're going to need is port 25 open. 80 & 443 for the Outlook Web Access, and 53 for DNS.

Any linux distro can easily take care of this, but if you're not comfortable working command line, try something like SuSE which has a very easy to use graphical firewall control panel.

ISA (InSecurity &  Annihilation  server) is the worst kind, and avoided at all costs.
LVL 22

Accepted Solution

pjedmond earned 500 total points
ID: 17069084
I particularly recommend smoothwall, or Devil Linux Astaro linux is a superb (but commercial Firewall distribution -

Why use a dedicated linux firewall?:

1.  Minimal software on the box to be compromised.
2.  chroot setup minimises the software available to 'abuse' from 1 even further.
3.  Seperate box, so even if the firewall is compromised, the attackers still haven't gained access to corporate secrets.
4.   Can be used to provide a firewall/vpn capability without degrading your main server's capabilities.
5.   If you use an 'old' PC, then you can have a high quality configurable firewall virtually free of charge! How much will the isa server set you back?

(   (()
(`-' _\
 ''  ''

Expert Comment

ID: 17069395
If you are inexperienced at Linux I would recommend Smoothwall - or IPcop as above, both are similar and capable linux based firewalls, Smoothwall has a free version as well as a commercial version. I have used both and both are good IMHO.

If you are hardcore I would recommend OpenBSD. You dont need much beyond the default install to have a highly capable firewall and it is one of, if not the most secure OS's there is.

I have to disagree with the previous comments on ISA server. It is a fine firewall - the big problem here is the underlying OS - You dont want to have reboot your firewall everytime MS puts out a browser patch. That said You can lock down ISA and Windows to make a secure it just takes alot longer than with a linux based system.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor ( Top Charts is a view in which you can set seve…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question