Goutham

asked on

Linux as Samba, VPN, FTP and LAMP

I want to make a Red Hat Linux ES V.04 box work as a Samba server, VPN server and a LAMP stack (Apache, MySQL and PHP). This should be accessible to both the LAN and the WAN users. Please advise me:

1. Is it required to configure it with dual NICs, one with a private and the other with a public IP?
2. Is a hardware router like Cisco required, or should I make another Linux box the router?

I have no idea about VPN; anyhow, I will read up and deploy it, but what are the requirements for setting up a VPN server like OpenVPN?

My biggest doubt is:
Is it required that the above server have both a public and a private IP, or is only the private IP suggested, with all of the above server configuration deployed on one private IP? For this, access from the WAN router should be configured to forward the packets to the private IP server. Please advise me on this.







ygoutham

Samba on a WAN is not advisable. My suggestion would be:

A dual NIC with Samba running on the local interface; you have options to list the subnets that you want access to be provided to.

OpenVPN to run on the WAN interface with DHCP, and you can include that as part of the allowed subnets in Samba.

PHP / MySQL can run on both interfaces, provided you have sufficient login and other controls to ensure privacy of data.

Reasons:

Samba offers (in its base form) an unlimited number of password attempts and other options for people who have enough free time to try and break into your server. Unless you set a bad password policy, which can be annoying if external users were to lock up accounts on a regular basis.

With a dual NIC you also have the options in iptables to NAT all outbound traffic and allow only permitted IPs etc., to have stringent exposure of your intranet interfaces and other machines on the network.

Single interface, multiple IPs only increases the amount of broadcast and resolve time (particularly netbios-ssn) in Samba and hence can relatively bring down the HTTP response time.

If you are good with iptables and have IP forwarding enabled on your box, then you do not need a router. The box can function as a router for you. But the efficiency and ease of deployment of Cisco and other products would mean that a router is easy to deploy.

goutham
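The advice in the answer above (Samba bound to the LAN interface only, with access limited to listed subnets that include the VPN pool) can be checked against an existing smb.conf. This is an added example, not part of the original answer; the interface names eth0/eth1, the 192.168.1.0/24 LAN and the 10.8.0.0/24 OpenVPN pool are assumptions.

```python
import fnmatch
import ipaddress
# Constructed samples: eth0 = WAN NIC, eth1 = LAN NIC, 10.8.0.0/24 = assumed OpenVPN pool.
HARDENED = """
[global]
   interfaces = lo eth1
   bind interfaces only = yes
   hosts allow = 127.0.0.1 192.168.1.0/24 10.8.0.0/24
"""
EXPOSED = """
[global]
   interfaces = eth*
   hosts allow = 192.168.1.0/24 0.0.0.0/0
"""

def parse_global(text):
    """Return [global] parameters; Samba ignores case and spaces in parameter names."""
    params, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params["".join(key.split()).lower()] = value.strip()
    return params

def audit(text, wan_iface, trusted_nets):
    """Return findings where smbd would accept connections from outside trusted_nets."""
    p, findings = parse_global(text), []
    if p.get("bindinterfacesonly", "no").lower() not in ("yes", "true", "1"):
        findings.append("bind interfaces only is off: smbd listens on all interfaces")
    ifaces = p.get("interfaces", "").replace(",", " ").split()
    if any(fnmatch.fnmatch(wan_iface, pattern) for pattern in ifaces):
        findings.append(f"interfaces matches WAN NIC {wan_iface}")
    allowed = (p.get("hostsallow") or p.get("allowhosts") or "").replace(",", " ").split()
    if not allowed:
        findings.append("no hosts allow line: every source address is accepted")
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    for entry in allowed:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:  # hostnames, "192.168.1." prefixes, EXCEPT clauses
            findings.append(f"hosts allow entry {entry!r} needs manual review")
            continue
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted):
            findings.append(f"hosts allow entry {entry} is outside the trusted subnets")
    return findings

if __name__ == "__main__":
    print(audit(EXPOSED, "eth0", ["127.0.0.0/8", "192.168.1.0/24", "10.8.0.0/24"]))
```

The hardened sample returns no findings; the exposed one is flagged for listening on all interfaces, matching the WAN NIC through the `eth*` wildcard, and allowing `0.0.0.0/0`.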
Goutham

ASKER

Thanks for the reply. Yes, Samba is for the LAN users and VPN for the WAN users, and I also want Samba and VPN on the same server. It will be a great help if you can provide me with a network design, such as where the server should be placed. I just placed an order for the Cisco 1721 router; it is a basic router without VPN. I want to set up the VPN server and Samba server on the same Linux box; for this, please give me the network design:

1. Starting from the router ---------- Linux box (two NICs), one private and one public IP

2. Linux VPN server for the home users (dial-up and broadband connections), and also for the branch offices

3. Type of routing required for the VPN server in the Cisco router

Please advise me on this.
ASKER CERTIFIED SOLUTION
ygoutham
Ideally, I would have opted for a VPN concentrator from Cisco, which can do the same thing, and management is also easy. If you were to be investing money, then why not try a Cisco PIX, which can take VPN inwards (I think so!), or a dedicated Cisco 3005 or something of that calibre. They are in the same price range!!!
Goutham

ASKER

But we have already purchased the Cisco 1721 without a VPN card. Thanks for the information; your message is very much valuable to me. I again thank you. I too have a few more doubts on the same subject; I will post them next week, and I request you to update me on those also. Thanks in advance.
ok & welcome
:-(

I thought that the user was kind of looking only for a pointer for his requirements and was suggesting my thoughts on the same. I understand that it is not a solution but more of a suggestion.

Nonetheless, you can't win all the time.

OK by me...