[CS-FSLUG] Challenge Question

[Ed Hurst]

Alvin Smith wrote:

>>Outline how you would set this up, and respond in the comments. It would
>>be good if you explain why you favor this or that OS for the gateway.
> 
> First of all, I would not do it that way.  I would put everything BEHIND a VPN 
> router/firewall, with the mail and web server in the DMZ, and tunnel into the 
> XP server.
> 
> Sort of like this:
> http://www.smoothwall.net/products/smoothtunnel/

Interesting. My challenge reflects a conversation I overheard today
while visiting my friend who owns a computer shop. I don't believe I
stand to gain much money from this, but I'm only too glad to encourage
FOSS use where possible.

At any rate, the customer doesn't want a collection of servers when
there are only nine workstations, and will never be as many as 25 even
if his business expands greatly. He's willing to buy one new server as
the firewall/gateway. The reason I would suggest running the mail server
there as well, is because (I've been told) Winware isn't quite so
intelligent about using blocklists -- the customer really wants to use
them. Blocklisting seems to work best by firewalling off unwanted
connections at the exterior face.

He wants to get away from paying big bucks for a massive machine to
filter the spam, which he now does. He never heard of reverse-DNS
blocklisting until this week. He specifically wanted to include it. How
would you work that in? Also, would your configuration prevent serving
regular webpages to customers, along with the the passworded content?

-- 
Ed Hurst
-----------
A Bible Site -- http://webs.tconline.net/softedges/
Linux & Unix Help -- http://ed.asisaid.com/
Blog -- http://ed.asisaid.com/blog/