
scalix all in one box?

Posted: Sun Oct 22, 2006 10:48 pm
by stock99
Hi,

I am interested in the small biz package but I am not sure if I should have all my postfix (yet to put on SA), samba, mysql, apache (intranet), squid, iptables all in one box? The current linux box is running everything under debian. So I would either have to wipe the box and put in a supported distro or build another box connected to the debian box. The debian box is currently connected to the internet directly (hence with rules set up for iptables).

In terms of performance and security, can anyone give me a suggestion about whether I should do all-in-one or build another box?

ps: we have about 35+ users

thx in advance

Posted: Mon Oct 23, 2006 1:57 am
by chris
Hi Stock,

you'll probably hear 5 opinions for every 4 people you talk to - but anyway, my best practices opinion from my old security consulting days is definitely divide and conquer. I'd recommend splitting your internal from your external services, and definitely keeping your firewall standalone.

So an architecture something like the following would be classic:

Code:

Internet --- iptables fw --- internal net --- internal server
                |
                |
               DMZ
                |
                |
            DMZ Server


Anything that should be accessible from the internet goes on the DMZ machine, anything strictly for internal use goes on the internal server. Firewalls should be dedicated boxes, you can either reprovision an older machine or get an inexpensive Cisco if you are worried about cost for a dedicated gateway.

Regarding scalix, you could put everything on the internal server and run a reverse proxy in the DMZ sending connections back to Scalix for the webmail, as well as a postfix relay dropping mails back to scalix for incoming messaging. Alternatively, you could run scalix-tomcat on the DMZ machine and have it connect back over the firewall to the internal box.

Hope this helps, feel free to ask more questions.

Chris

PS: remember, these are certainly not technical requirements. From a technical standpoint you could run everything on one machine - I just wouldn't recommend it personally.
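As an added example (not from Chris's post, the thread, or any Scalix documentation), here is an iptables rule set for the three-legged layout he sketches, with the reverse proxy and postfix relay on one DMZ host and Scalix on the internal server. Interface names, address ranges and the port list are assumptions; the function prints the rules so they can be reviewed before being piped into a shell on the firewall box.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names, subnets and the
# ports Scalix listens on are assumptions for illustration only.
WAN=eth0; DMZ=eth1; LAN=eth2
DMZ_NET=192.0.2.0/24          # constructed documentation ranges (RFC 5737)
LAN_NET=198.51.100.0/24
PROXY=192.0.2.10              # DMZ host: reverse proxy + postfix relay
SCALIX=198.51.100.10          # internal Scalix server
IPT=${IPT:-iptables}

# Emit the rule set. Apply on the firewall (as root) with: fw_rules | sh
fw_rules() {
  cat <<EOF
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Internet reaches only the DMZ host, and only for webmail (443) and SMTP (25)
$IPT -t nat -A PREROUTING -i $WAN -p tcp -m multiport --dports 25,443 -j DNAT --to-destination $PROXY
$IPT -A FORWARD -i $WAN -o $DMZ -d $PROXY -p tcp --dport 443 -j ACCEPT
$IPT -A FORWARD -i $WAN -o $DMZ -d $PROXY -p tcp --dport 25 -j ACCEPT
# DMZ host may open connections to the internal net only to hand off to Scalix
$IPT -A FORWARD -i $DMZ -o $LAN -s $PROXY -d $SCALIX -p tcp --dport 80 -j ACCEPT
$IPT -A FORWARD -i $DMZ -o $LAN -s $PROXY -d $SCALIX -p tcp --dport 25 -j ACCEPT
# Internal net may reach the Internet and the DMZ; everything else is dropped and logged
$IPT -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
$IPT -A FORWARD -i $LAN -o $DMZ -s $LAN_NET -d $DMZ_NET -j ACCEPT
$IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE
$IPT -A FORWARD -j LOG --log-prefix "fw-drop: "
EOF
}

# Review helper: count the rules that let the DMZ initiate into the LAN.
# Anything beyond the two Scalix hand-offs means the DMZ is not really a DMZ.
dmz_to_lan_rules() { fw_rules | grep -c -- "-i $DMZ -o $LAN"; }
```

The review helper is the check worth repeating after every edit to the rule set: the DMZ leg should never gain a rule into the internal net that is not pinned to a specific destination host and port.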

Posted: Sun Nov 12, 2006 6:37 pm
by stock99
chris wrote:Hi Stock,

you'll probably hear 5 opinions for every 4 people you talk to - but anyway, my best practices opinion from my old security consulting days is definitely divide and conquer. I'd recommend splitting your internal from your external services, and definitely keeping your firewall standalone.

So an architecture something like the following would be classic:

Code:

Internet --- iptables fw --- internal net --- internal server
                |
                |
               DMZ
                |
                |
            DMZ Server


Anything that should be accessible from the internet goes on the DMZ machine, anything strictly for internal use goes on the internal server. Firewalls should be dedicated boxes, you can either reprovision an older machine or get an inexpensive Cisco if you are worried about cost for a dedicated gateway.

Regarding scalix, you could put everything on the internal server and run a reverse proxy in the DMZ sending connections back to Scalix for the webmail, as well as a postfix relay dropping mails back to scalix for incoming messaging. Alternatively, you could run scalix-tomcat on the DMZ machine and have it connect back over the firewall to the internal box.

Hope this helps, feel free to ask more questions.

Chris

PS: remember, these are certainly not technical requirements. From a technical standpoint you could run everything on one machine - I just wouldn't recommend it personally.



Thx for the prompt reply, Chris. I was trying thunderbird + lightning but it's not as good as scalix. I forgot to mention our production box is running a pentium 3 (dual cpu's) with raid 5. It's a fairly old dell poweredge 4400. I dunno if I should really put everything into one or simply buy another dual core box with sata and run it behind it. Can anyone give me some advice here? I am not sure if the box is too old to have scalix 11 or even 10.

For the network portion, the contractor is going to put us on some kind of managed vpn and we're gonna have a bridge firewall setup on the cisco router. The dell box will have its iptables behind that bridge firewall. I guess that will be similar to the implementation you mentioned (DMZ things).


=================some spec info====================
My_server:/home/dfeng# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 8
model name : Pentium III (Coppermine)
stepping : 3
cpu MHz : 797.925
cache size : 256 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov
pat pse36 mmx fxsr sse
bogomips : 1585.15

processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 8
model name : Pentium III (Coppermine)
stepping : 3
cpu MHz : 797.925
cache size : 256 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov
pat pse36 mmx fxsr sse
bogomips : 1593.34


My_server:/dev# lspci
0000:00:00.0 Host bridge: ServerWorks CNB20LE Host Bridge (rev 05)
0000:00:00.1 Host bridge: ServerWorks CNB20LE Host Bridge (rev 05)
0000:00:04.0 Ethernet controller: Intel Corp. 82557/8/9 [Ethernet Pro 100] (rev 08)
0000:00:06.0 VGA compatible controller: ATI Technologies Inc 3D Rage IIC (rev 7a)
0000:00:08.0 Ethernet controller: Intel Corp. 82557/8/9 [Ethernet Pro 100] (rev 08)
0000:00:0f.0 ISA bridge: ServerWorks OSB4 South Bridge (rev 4f)
0000:00:0f.2 USB Controller: ServerWorks OSB4/CSB5 OHCI USB Controller (rev 04)
0000:00:11.0 Host bridge: ServerWorks CNB20LE Host Bridge (rev 05)
0000:00:11.1 Host bridge: ServerWorks CNB20LE Host Bridge (rev 05)
0000:06:04.0 PCI bridge: Intel Corp. 80960RM [i960RM Bridge] (rev 01)
0000:06:04.1 RAID bus controller: Dell PowerEdge Expandable RAID Controller 3/Di (rev 01)
0000:07:06.0 SCSI storage controller: Adaptec AIC-7880U (rev 02)



My_server:/dev# cat /proc/meminfo
MemTotal: 1036096 kB
MemFree: 21956 kB
Buffers: 256288 kB
Cached: 204888 kB
SwapCached: 0 kB
Active: 474172 kB
Inactive: 283764 kB
HighTotal: 131064 kB
HighFree: 308 kB
LowTotal: 905032 kB
LowFree: 21648 kB
SwapTotal: 1951888 kB
SwapFree: 1951076 kB
Dirty: 152 kB
Writeback: 0 kB
Mapped: 322632 kB
Slab: 245044 kB
Committed_AS: 627120 kB
PageTables: 2120 kB
VmallocTotal: 114680 kB
VmallocUsed: 3820 kB
VmallocChunk: 110784 kB


==========================================================

Posted: Sun Nov 12, 2006 7:01 pm
by chris
If it's an option, I would definitely recommend running a two machine setup, with each one on a different physical/logical subnet from the internal net.

You always want to separate your internet services from your internal services, if at all possible.

Hope this helps,

Chris