Koozali.org: home of the SME Server

DNS/Firewalls/Gateway and internal services ...

Lawrence

DNS/Firewalls/Gateway and internal services ...
« on: January 11, 2003, 03:57:24 AM »
Hello everyone,

I'm a new user to these boards, and am seeking advice. I recently had my bubble popped on irc, but was told elsewhere that e-smith was "worth a BIG look into", so here I am...

First things first, I am a home user, nonetheless, like running services from my apartment. one of them would be something called apache :P as well as a mail server. These would be public services. I have a domain, which I do not use to its full extent, unfortunately, this is what I want to change.

I have been thinking of the classic setup, having a box as a gateway/firewall for my home network. Probably thousands of linux geeks have done it already. But since I will be running public services and own a domain name, things get a little more complicated.

here is my objective:

have a fully (to my will) exposed set of internet services, httpd, mail, mysql (whenever...) you get the point. Have them respond to hostname.domain.ca

have the gateway box act as a firewall and (possibly) a name server.

I am a picky person, and wish over everything else;

to keep things local; I want to be in TOTAL CONTROL of my network.

Keep the use of 1 (maximum 2 ips, in case I don't want my domain pointing to let's say my personal boxes' subnet) ... which would result in using NAT ...

Use of centralized security (firewall/gateway) ... centralised LOGs

and most importantly, NO USE OF PORT FORWARDING
   why? well first off ... it wouldn't be in total control anymore (I would have to deal extensively with zoneedit management)
            second, if I ever add another http box, it becomes painful
            third, scrutinizing logs becomes quite painful ...

this meaning that I do not want to forward requests upon looking at the service, but upon the host requested, so I could http request any box (and get an error if there is no service), let's face it, every open box is going to have ftp and ssh, plus their service (http or mail or even db)

like if I call my service provider and ask to talk to john smith either to talk about my credit status or about his kids, not just asking for the accounting department :P

anyway, this post is getting quite long and it may not even belong on this board.

so 3 things to remember:

multiple public services running on NAT (AND 1 PUBLIC IP)
Host Name recognition
central internet access and security.

your solution being some sort of dns service, proxy, any combination of those, or ANYTHING!, either with e-smith or not (slackware preferred :P) is very appreciated!!!

thanks a lot,
lawrence

JeffC

Re: DNS/Firewalls/Gateway and internal services ...
« Reply #1 on: January 11, 2003, 07:07:17 PM »
Lawrence,

E-smith does all of these things out of the box with a trivial install and a web interface.  Once you get it up and running, the education begins. :>

-jeff

lawrence

Re: DNS/Firewalls/Gateway and internal services ...
« Reply #2 on: January 11, 2003, 07:59:32 PM »
good god.

your answer certainly was short ... but I loved it :P


thanks a lot ...

lawrence

JeffC wrote:
>
> Lawrence,
>
> E-smith does all of these things out of the box with a
> trivial install and a web interface.  Once you get it up and
> running, the education begins. :>
>
> -jeff