Hi !
I'm deploying a pair of SME 7 servers for my company. Their role will be to host websites, mailboxes and offer VPN access, and optionally to let LDAP acessible from the internal network.
I have public IPs for both SME, and they have a single adress on my local network. I already have a DNS/DHCP server on the LAN.
I need the following services to be avaible :
On the WAN side :
- http
- smtp (with authentification)
- imaps
- pptp
- webmail (https only)
On the LAN side :
- http
- smtp
- imaps
- ftp (for iBays only)
- ldap
- webmail
I want to disable the folowing :
- http proxy
- smtp proxy
- samba
- NAT (already have a router on another connexion for surfing from the LAN)
- DHCP (already disabled)
- internal DNS (even external if not needed as the domains are resolved by a public DNS on internet)
- atalkd (never used it anyway)
- lpd (no printer attached, will never be)
- smartd (running in vmware, no smart avaible)
... (i may have missed some, sme provides too much
The question is : how to properly disable these services without compromising SME' stability?
Thanks a lot for any help provided
edit:
Before anyone asks, I use 2 servers because I have to dissociate two sets of domains for 2 different legal entities, thus avoiding me to use the same IP an virtual machine for both servers. As I make an extensive use of virtualisation for my servers, it won't cost more to have 2 virtual machines instead of just one...
edit2:
I have an issue while trying to install vmware-tools. It needs to unload network card driver module, and rmmod locks on it because eth1 (internal) is in use. How to free it? I thought I could boot in rescue/single user mode but there's no relevant option in grub menu. How to let it unload the module?
11 Replies
2648 Views