Mailinglist Archive: opensuse-edu (103 mails)
| < Previous | Next > |
Re: [suse-linux-uk-schools] Router IP addresses
- From: "Alan Davies" <staff.asd@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 20 Dec 2000 10:10:48 +0000 (UTC)
- Message-id: <Marcel-1.46-1220101010-1cbXV&d@sparerpc>
On Wed 20 Dec, kevin.taylor@xxxxxxxxxxxxxxxxxxxx wrote:
> A general note: It is advisable to run as little on your ISP connected box
> as you can get away with - so I would recommend that you don't use
> the same machine as you are using for Samba if possible.
Yes - and No. It depends what your priorities are. For 'security' there
is definately a potential problem if your 'firewall' machine is also
running as a server (be it web, samba, or other) as it allows external
users access to it. Of course - you may decide that you would like
external access to your servers from home.
As far as 'loading' is concerned you would need a very slow linux box and
a hundred or more busy PC stations before I would start worrying
about impact on performance.
>
> The ideal situation is a single machine doing firewalling/NAT with other
> services on other machines - but this is probably more for larger
> configurations.
We have considered separating our NT mail and proxy server simply to guard against
losing both if one fails. Generally Linux is regarded as more stable so
this should not be a problem.
--
Alan Davies
Head of Computing
Birkenhead School
> A general note: It is advisable to run as little on your ISP connected box
> as you can get away with - so I would recommend that you don't use
> the same machine as you are using for Samba if possible.
Yes - and No. It depends what your priorities are. For 'security' there
is definately a potential problem if your 'firewall' machine is also
running as a server (be it web, samba, or other) as it allows external
users access to it. Of course - you may decide that you would like
external access to your servers from home.
As far as 'loading' is concerned you would need a very slow linux box and
a hundred or more busy PC stations before I would start worrying
about impact on performance.
>
> The ideal situation is a single machine doing firewalling/NAT with other
> services on other machines - but this is probably more for larger
> configurations.
We have considered separating our NT mail and proxy server simply to guard against
losing both if one fails. Generally Linux is regarded as more stable so
this should not be a problem.
--
Alan Davies
Head of Computing
Birkenhead School
| < Previous | Next > |