Solved

linux as samba, vpn, ftp and LAMP

Posted on 2006-10-22
Last Modified: 2010-03-17
I want to make a redhat linux ES V.04 work as a samba server, vpn server and a LAMP stack (apache, mysql and php). This should be accessible for both the lan and the wan users. Please suggest:

1. Is it required to configure it with dual NIC, one private and the other public ip?
2. Is a hardware router like cisco required, or should I make another linux box work as the router?

I have no idea about vpn; anyhow I will read and deploy. But for setting up a vpn like an openvpn server, what are the requirements?

My biggest doubt is:
Is it required that the above server should have both public and private ip, or is only the private ip suggested, with all the above server configuration deployed on one private ip? For this, the access from the wan router should be configured to forward the packets to the private ip server. Please suggest me on this.







Question by:D_wathi
 
LVL 14

Expert Comment

by:ygoutham
ID: 17788500
samba on a WAN is not advisable.  my suggestion would be for a dual NIC with samba running on the local interface, you have options to list out the subnets that you want the access to be provided to.

openvpn to run on the WAN interface with a DHCP and you can include that to be a part of the allowed subnets in samba.

php / mysql can run on both interfaces, provided you have sufficient login and other controls to ensure privacy of data.

Reasons:

samba offers (in its base form) unlimited number of password attempts and other options for people who have enough free time to try and break into your server.  unless you set a bad password policy which can be annoying if external users were to lock up accounts on a regular basis.

with a dual NIC you also have the options on IP tables to NAT all outbound traffic and allow only permitted ips etc to have a stringent exposure of your intranet interfaces and other machines on network.

single interface - multiple IPs only increase the amount of broadcast and resolve time (particularly netbios-ssn) in samba and hence can relatively bring down the http response time.

if you are good with IP tables and have ip forwarding enabled on your box, then you do not need a router.  the box can function as a router for you.  but the efficiency and ease of deployment of cisco and other products would mean that a router is easy to deploy.  

goutham
0
 

Author Comment

by:D_wathi
ID: 17802107
Thanks for the reply. Yes, samba is for the lan users and vpn for the wan users, and also i want samba and vpn in the same server. It will be a great help if you can provide me a network design, like where the server should be placed. i just placed an order for the cisco 1721 router; it is a basic router without vpn. i want to set up the vpn server and samba server in the same linux box; for this please give me the network design.

1. starting from the router ---------- linuxbox (two nic), one private and one public ip

2. linux vpn server for the home users (dial up and broadband connection), and also for the branch offices

3. type of routing required for the vpn server in the cisco router

please suggest me on this
0
 
LVL 14

Accepted Solution

by:
ygoutham earned 500 total points
ID: 17802196
i am suggesting what comes to my mind.  bounce it off a couple of other people as well that you can rely upon.

i am presuming that you have a small network (with about 200 users or less) and you would have a max of 25 simultaneous guyz wanting to connect through the WAN vpn to get files from samba.

1.  enable dhcp on the linux box. and am also presuming that openvpn server would take care of the dhcp range. dedicate a segment of your local network ip range (assuming that you are using 192.168.10.0/24) then use 192.168.10.200 to 192.168.10.225 for the DHCP range in openvpn server.  You  can use the ip address 1 through 199 on your network (keep in mind the router and other devices that require an ip as well).

internet -------->  cisco 1721 -------> WAN interface of box  - LAN interface -------> switch <--------- Local Intranet

the site for openvpn claims all types are supported.  machine to machine, lan to lan, etc IPSEC are possible.  that is for you as homework :-)

be careful with your smb.conf file to include trusted network as only one subnet (as this includes your LAN and vpn folkz).

as the vpn users will have a dhcp given IP which your samba would trust to let them in, it should work.  do not connect the Cisco to a switch which also leads into your local network.  this way there might be a situation at times where there is too much broadcast info from cisco, wan, openvpn, samba etc.

ideally keep the internet route separate as far as possible is what i would suggest.

good luck

goutham
0
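Added example (not part of the thread or of ygoutham's answer): a small Python check that audits the `[global]` section of an smb.conf against the advice above, i.e. Samba bound to the LAN side only and `hosts allow` limited to the one trusted subnet. The interface names (eth0 as WAN, eth1 as LAN) and both sample configs are assumptions constructed for illustration; 192.168.10.0/24 is the range used in the answer.

```python
import configparser
import ipaddress

TRUSTED = ipaddress.ip_network("192.168.10.0/24")  # LAN + VPN pool, as in the answer
WAN_IFACE = "eth0"                                  # assumption: name of the WAN-facing NIC

# Constructed sample configs (not taken from the thread).
WEAK = "[global]\nworkgroup = OFFICE\n[share]\npath = /srv/share\n"
HARDENED = """[global]
workgroup = OFFICE
interfaces = lo eth1
bind interfaces only = yes
hosts allow = 127. 192.168.10.0/24
[share]
path = /srv/share
"""

def _to_network(entry):
    """Turn a 'hosts allow' entry into an ip_network; None for hostnames/keywords."""
    if entry.endswith("."):  # Samba prefix form, e.g. '192.168.10.'
        octets = entry.rstrip(".").split(".")
        entry = ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets))
    try:
        return ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return None

def audit_smb_conf(text):
    """Return a list of findings for the [global] section of an smb.conf."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    g = cp["global"] if cp.has_section("global") else {}
    findings = []
    if g.get("bind interfaces only", "no").lower() not in ("yes", "true", "1"):
        findings.append("smbd listens on every interface (bind interfaces only is off)")
    if WAN_IFACE in g.get("interfaces", "").split():
        findings.append("WAN interface %s is listed in interfaces" % WAN_IFACE)
    allowed = g.get("hosts allow", "").replace(",", " ").split()
    if not allowed:
        findings.append("no hosts allow: any source address may connect")
    for entry in allowed:
        net = _to_network(entry)
        ok = net is not None and (
            net.is_loopback or (net.version == 4 and net.subnet_of(TRUSTED)))
        if not ok:  # hostnames and keywords are flagged for manual review
            findings.append("hosts allow entry outside trusted subnet: " + entry)
    return findings

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_smb_conf(conf) or "no findings")
```

Run it against the real file with `audit_smb_conf(open("/etc/samba/smb.conf").read())` after setting `WAN_IFACE` and `TRUSTED` to match the box.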

 
LVL 14

Expert Comment

by:ygoutham
ID: 17802211
ideally, i would have opted for a VPN concentrator from cisco which can do the same thing and management is also easy.  if you were to be investing money then why not try a cisco pix which can take vpn inwards (i think so!) or a dedicated cisco 3005 or something of that calibre.  they are in the same price range!!!
0
 

Author Comment

by:D_wathi
ID: 17840651
but we have already purchased the cisco 1721 without vpn card. thanks for the information, your message is very much valuable to me. i again thank you, and i too have a few more doubts on the same subject; i will post the same in the next week. i request you to update me on that also, thanks in advance
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 17840754
ok & welcome
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 18075442
:-(

i thought that the user was kind of looking only for a pointer for his requirements and was suggesting my thoughts on the same.  i understand that it is not a solution but more of a suggestion.

nonetheless, you can't win all the time.

ok by me...
0
