Linux as Samba, VPN, FTP and LAMP

I want to make a Red Hat Linux ES V.04 box work as a Samba server, a VPN server and a LAMP stack (Apache, MySQL and PHP). This should be accessible to both the LAN and the WAN users. Please advise me:

1. Is it required to configure it with dual NICs, one with a private and the other with a public IP?
2. Is a hardware router like a Cisco required, or should I make another Linux box act as the router?

I have no idea about VPN; anyhow, I will read up and deploy it, but what are the requirements for setting up a VPN such as an OpenVPN server?

My biggest doubt is:
Is it required that the above server have both a public and a private IP, or is only the private IP suggested, with all the above server configuration deployed on one private IP? For this, the access from the WAN router should be configured to forward the packets to the private-IP server. Please advise me on this.

I am suggesting what comes to my mind. Bounce it off a couple of other people that you can rely upon as well.

I am presuming that you have a small network (with about 200 users or less) and that you would have a max of 25 simultaneous guyz wanting to connect through the WAN VPN to get files from Samba.

1. Enable DHCP on the Linux box. I am also presuming that the OpenVPN server would take care of the DHCP range. Dedicate a segment of your local network IP range (assuming that you are using then use to for the DHCP range in the OpenVPN server. You can use the IP address 1 through 199 on your network (keep in mind the router and other devices that require an IP as well).

internet -------->  cisco 1721 -------> WAN interface of box  - LAN interface -------> switch <--------- Local Intranet

The site for OpenVPN claims all types are supported. Machine to machine, LAN to LAN, etc. IPSEC are possible. That is for you as homework :-)

Be careful with your smb.conf file to include the trusted network as only one subnet (as this includes your LAN and VPN folkz).

As the VPN users will have a DHCP-given IP which your Samba would trust to let them in, it should work. Do not connect the Cisco to a switch which also leads into your local network. This way there might be a situation at times where there is too much broadcast info from the Cisco, WAN, OpenVPN, Samba etc.

Ideally, keep the internet route separate as far as possible, is what I would suggest.

good luck

Samba on a WAN is not advisable. My suggestion would be for a dual NIC with Samba running on the local interface; you have options to list out the subnets that you want the access to be provided to.

OpenVPN to run on the WAN interface with DHCP, and you can include that as a part of the allowed subnets in Samba.

PHP / MySQL can run on both interfaces, provided you have sufficient login and other controls to ensure privacy of data.


Samba offers (in its base form) an unlimited number of password attempts and other options for people who have enough free time to try and break into your server, unless you set a bad password policy, which can be annoying if external users were to lock up accounts on a regular basis.

With a dual NIC you also have the options in iptables to NAT all outbound traffic and allow only permitted IPs etc., to have a stringent exposure of your intranet interfaces and other machines on the network.

Single interface, multiple IPs only increase the amount of broadcast and resolve time (particularly netbios-ssn) in Samba and hence can relatively bring down the HTTP response time.

If you are good with iptables and have IP forwarding enabled on your box, then you do not need a router. The box can function as a router for you. But the efficiency and ease of deployment of Cisco and other products would mean that a router is easy to deploy.
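
Added example (not part of the original replies and not Samba's own tooling): a small check of the restrictions suggested in the answers above, namely that smbd listens only on the LAN interface and accepts only the LAN and VPN subnets. The interface names (eth0 WAN, eth1 LAN), the address ranges and both sample configs are assumptions made for illustration; `interfaces`, `bind interfaces only`, `hosts allow` and `hosts deny` are real smb.conf parameters.

```python
import ipaddress

# Assumed layout (not from the thread): eth0 = WAN NIC, eth1 = LAN NIC,
# LAN 192.168.1.0/24, OpenVPN client pool 10.8.0.0/24.
WAN_IFACES = {"eth0"}
TRUSTED = [ipaddress.ip_network(n) for n in
           ("127.0.0.0/8", "192.168.1.0/24", "10.8.0.0/24")]
# Constructed sample configs: a default-style file and a restricted one.
WEAK = "[global]\n  workgroup = OFFICE\n[share]\n  path = /srv/share\n"
HARDENED = """[global]
  workgroup = OFFICE
  interfaces = lo eth1
  bind interfaces only = yes
  hosts allow = 127.0.0.1 192.168.1.0/24 10.8.0.0/24
  hosts deny = 0.0.0.0/0
"""

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit(text):
    """List settings that leave smbd reachable from outside LAN/VPN."""
    p, findings = parse_global(text), []
    ifaces = set(p.get("interfaces", "").replace(",", " ").split())
    if p.get("bind interfaces only", "no").lower() not in ("yes", "true", "1"):
        findings.append("bind interfaces only is off")
    if not ifaces or ifaces & WAN_IFACES:
        findings.append("interfaces unset or includes the WAN NIC")
    allow = p.get("hosts allow", "").replace(",", " ").split()
    if not allow:
        findings.append("hosts allow unset")
    for entry in allow:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"hosts allow entry not address/mask: {entry}")
            continue
        if not any(net.version == t.version and net.subnet_of(t) for t in TRUSTED):
            findings.append(f"hosts allow entry outside LAN/VPN: {entry}")
    return findings
```

`audit(WEAK)` reports all three gaps and `audit(HARDENED)` returns an empty list; VPN clients reach the share by being routed to the LAN address, so the tunnel interface does not need to be listed in `interfaces`.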

D_wathi (Author) commented:
Thanks for the reply. Yes, Samba is for the LAN users and VPN for the WAN users, and I also want Samba and VPN on the same server. It will be a great help if you can provide me a network design, such as where the server should be placed. I just placed an order for the Cisco 1721 router; it is a basic router without VPN. I want to set up the VPN server and the Samba server on the same Linux box; for this, please give me the network design:


1. starting from the router ---------- Linux box (two NICs), one private and one public IP

2. Linux VPN server for the home users (dial-up and broadband connections), and also for the branch offices

3. type of routing required for the VPN server in the Cisco router

Please advise me on this.

Ideally, I would have opted for a VPN concentrator from Cisco, which can do the same thing, and management is also easy. If you were to be investing money, then why not try a Cisco PIX which can take VPN inwards (I think so!) or a dedicated Cisco 3005 or something of that calibre. They are in the same price range!!!

D_wathi (Author) commented:
But we have already purchased the Cisco 1721 without a VPN card. Thanks for the information; your message is very valuable to me. I again thank you. I too have a few more doubts on the same subject; I will post them next week, and I request you to update me on those also. Thanks in advance.

OK & welcome

I thought that the user was kind of looking only for a pointer for his requirements and was suggesting my thoughts on the same. I understand that it is not a solution but more of a suggestion.

Nonetheless, you can't win all the time.

OK by me...
