Solved

Linux as Samba, VPN, FTP and LAMP

Posted on 2006-10-22
Last Modified: 2010-03-17
I want to make Red Hat Linux ES V.04 work as a Samba server, a VPN server and a LAMP stack (Apache, MySQL and PHP). This should be accessible to both the LAN and the WAN users. Please advise:

1. Is it required to configure it with dual NICs, one with a private and the other with a public IP?
2. Is a hardware router like Cisco required, or should I make another Linux box work as the router?

I have no idea about VPN; anyhow, I will read up and deploy it, but what are the requirements for setting up a VPN server such as OpenVPN?

My biggest doubt is:
Is it required that the above server have both a public and a private IP, or is only the private IP suggested, with all of the above server configuration deployed on one private IP? For this, the WAN router would be configured to forward the packets to the server's private IP. Please advise me on this.







Question by:D_wathi
10 Comments
 
LVL 14

Expert Comment

by:ygoutham
ID: 17788500
samba on a WAN is not advisable.  my suggestion would be for a dual NIC with samba running on the local interface, you have options to list out the subnets that you want the access to be provided to.

openvpn to run on the WAN interface with a DHCP and you can include that to be a part of the allowed subnets in samba.

php / mysql can run on both interfaces, provided you have sufficient login and other controls to ensure privacy of data.

Reasons:

samba offers (in its base form) unlimited number of password attempts and other options for people who have enough free time to try and break into your server.  unless you set a bad password policy which can be annoying if external users were to lock up accounts on a regular basis.

with a dual NIC you also have the options on IP tables to NAT all outbound traffic and allow only permitted ips etc to have a stringent exposure of your intranet interfaces and other machines on network.

single interface - multiple IPs only increase the amount of broadcast and resolve time (particularly netbios-ssn) in samba and hence can relatively bring down the http response time.

if you are good with IP tables and have ip forwarding enabled on your box, then you do not need a router.  the box can function as a router for you.  but the efficiency and ease of deployment of cisco and other products would mean that a router is easy to deploy.  

goutham
0
 

Author Comment

by:D_wathi
ID: 17802107
Thanks for the reply. Yes, Samba is for the LAN users and VPN for the WAN users, and I also want Samba and VPN on the same server. It would be a great help if you could provide me a network design, such as where the server should be placed. I just placed an order for the Cisco 1721 router; it is a basic router without VPN. I want to set up the VPN server and Samba server on the same Linux box; for this, please give me the network design.

1. Starting from the router ---------- Linux box (two NICs), one private and one public IP

2. Linux VPN server for the home users (dial-up and broadband connections), and also for the branch offices

3. Type of routing required for the VPN server in the Cisco router

Please advise me on this.
0
 
LVL 14

Accepted Solution

by:
ygoutham earned 500 total points
ID: 17802196
i am suggesting what comes to my mind.  bounce it off a couple of other people as well that you can rely upon.

i am presuming that you have a small network (with about 200 users or less) and you would have a max of 25 simultaneous guyz wanting to connect through the WAN vpn to get files from samba.

1.  enable dhcp on the linux box. and am also presuming that openvpn server would take care of the dhcp range. dedicate a segment of your local network ip range (assuming that you are using 192.168.10.0/24) then use 192.168.10.200 to 192.168.10.225 for the DHCP range in openvpn server.  You  can use the ip address 1 through 199 on your network (keep in mind the router and other devices that require an ip as well).

internet -------->  cisco 1721 -------> WAN interface of box  - LAN interface -------> switch <--------- Local Intranet

the site for openvpn claims all types are supported.  machine to machine, lan to lan, etc IPSEC are possible.  that is for you as homework :-)

be careful with your smb.conf file to include trusted network as only one subnet (as this includes your LAN and vpn folkz).

as the vpn users will have a dhcp given IP which your samba would trust to let them in, it should work.  do not connect the Cisco to a switch which also leads into your local network.  this way there might be a situation at times where there is too much broadcast info from cisco, wan, openvpn, samba etc.

ideally keep the internet route separate as far as possible is what i would suggest.

good luck

goutham
0
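A check for the smb.conf advice in the accepted answer, added here as an example and not part of the original post: it parses the `[global]` section and reports settings that would let Samba answer outside the trusted 192.168.10.0/24 subnet. The interface name `eth0` for the WAN NIC and both sample configs are assumptions.

```python
import ipaddress

# Assumed: LAN/VPN range from the answer above; eth0 as WAN NIC is hypothetical.
TRUSTED = [ipaddress.ip_network(n) for n in ("192.168.10.0/24", "127.0.0.0/8")]
WAN_IFACE = "eth0"

def parse_global(text):
    """Return [global] parameters keyed by name with case and spaces removed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def to_network(entry):
    """Map a 'hosts allow' entry to an IPv4 network, or None if it is not one."""
    if entry.endswith("."):  # Samba prefix form, e.g. "192.168.10."
        octets = entry.rstrip(".").split(".")
        entry = ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets))
    try:
        return ipaddress.IPv4Network(entry, strict=False)
    except ValueError:
        return None  # hostname, ALL, EXCEPT, IPv6: left for manual review

def audit(text):
    """List settings that leave Samba reachable from outside the trusted subnet."""
    p, findings = parse_global(text), []
    if p.get("bindinterfacesonly", "no").lower() not in ("yes", "true", "1"):
        findings.append("bind interfaces only is not enabled")
    if WAN_IFACE in p.get("interfaces", "").split():
        findings.append("WAN interface listed in interfaces")
    allowed = p.get("hostsallow", p.get("allowhosts", "")).replace(",", " ").split()
    if not allowed:
        findings.append("hosts allow is unset")
    for entry in allowed:
        if (net := to_network(entry)) is None:
            findings.append("manual review: " + entry)
        elif not any(net.subnet_of(t) for t in TRUSTED):
            findings.append("outside trusted subnet: " + entry)
    return findings

# Constructed sample configs (not taken from the thread).
EXPOSED = "[global]\n interfaces = eth0 eth1\n hosts allow = 192.168. 127.\n"
RESTRICTED = "[global]\n interfaces = eth1 lo\n bind interfaces only = yes\n hosts allow = 192.168.10. 127.\n"
```

`audit(EXPOSED)` returns three findings, while `audit(RESTRICTED)` returns an empty list.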

 
LVL 14

Expert Comment

by:ygoutham
ID: 17802211
ideally, i would have opted for a VPN concentrator from cisco which can do the same thing and management is also easy.  if you were to be investing money then why not try a cisco pix which can take vpn inwards (i think so!) or a dedicated cisco 3005 or something of that calibre.  they are in the same price range!!!
0
 

Author Comment

by:D_wathi
ID: 17840651
But we have already purchased the Cisco 1721 without a VPN card. Thanks for the information; your message is very valuable to me. I thank you again. I have a few more doubts on the same subject, which I will post next week; I request you to update me on those as well. Thanks in advance.
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 17840754
ok & welcome
0
 
LVL 14

Expert Comment

by:ygoutham
ID: 18075442
:-(

i thought that the user was kind of looking only for a pointer for his requirements and was suggesting my thoughts on the same.  i understand that it is not a solution but more of a suggestion.

nonetheless, you can't win all the time.

ok by me...
0
