Op Wed, 18 Mar 2015 03:58:02 +0000, schreef Dan Purgert: <snip> > I read it as you were /planning/ on using a Debian box for routing and > firewall (and then switched gears to "what's a good appliance?" midway > through the writing), which is why I asked. > > Honestly, unless you already have said box ready to go, I would skip it > and just use an appliance (e.g. the UBNT Edge Router). Less to go wrong > / muck up.
I don't have such a box so I would rather use an appliance as you suggested. >> Thanks, looks like a simple and adequate solution. > > Yeah, they're a bit more than "adequate" -- they rival equipment put out > by other vendors that's several times more expensive (IIRC, "cheap" > Cisco kit is like 500-1000 USD). Yes, I really liked the specs. > Note - I'm in the USA, perhaps your local ISP's equipment isn't as > rubbish as the ones here. Best way to figure it out is by finding out > what they'd supply, and then digging up discussions about it on google. Indeed, I will look at the router type and see what google comes up with. > What I meant was that if you're putting a "local" server into a DMZ area > already (because it's public facing), adding that extra internal server > seems to be adding complexity for the sake of complexity, and wouldn't > be offering you any benefits -- this also ties in with your webmail > solution, if you choose to also have that going. > > Now, if you were a bigger company with two or more sites that happen to > be somewhat distant from one another, then running a relay would be > beneficial (as users would all be hitting their "local" mail server, > instead of /everyone/ needing to hit the server at your HQ site). That's a valid remark. I will opt to leave the mailserver on the VPS for the time being. > You've already got a frontend for them (hint - "roundcube") Yes, I just need to find a good plugin allowing for the users to change their password. > Probably not. I mean, yeah some of the syntax for the config files may > have changed, but LDAP is still LDAP ... so the core principles of the > setups will be the same. I dug up my notes and I have found some ldif files and procedures. I'm good to go. > emacs :) Hehe, I have tried it once. I should take the time to give it a more thorough try. > Git works well with source code, I'm not really sure how well it works > outside of that (e.g. ODT files). I imagine that it would provide > "some" of the functionality you're looking for, but possibly not all of > it. > > For simple text files, I've taken a liking to rcs. One of the guys here > (or on one of the other newsgroups I haunt) had a decent basic wrapper > for it too. I don't know rcs. I will have a look at it. > Well, not so sure about the extra firewall in the mix there - I mean, > yeah you'll have one on site likely as part of your router appliance ... > but that's pretty much a given these days anyway. > > Or are you planning on throwing a firewall somewhere else, such as > between the LAN and the file server (and if so - why?) I would hook up the firewall after the ISP router, before the LAN. The routers of ISP's here only have very basic firewall capabilities. I rather use my own device to protect the LAN. And it gives me a chance to learn the UBNT Edge router. > They'll definitely make it to your ISP. Whether or not your ISP will > relay them as "yourdomain.com" or > "our-ip-address-block.somewhere.ISP.com" > is something you'll have to check with them though ... > > Really about the only guaranteed way of getting that would be to own an > actual block of IPs (i.e. bought directly from one of the number > registrars ... ARIN or RIPE or one of their delegated subsidiaries). > But in doing so, you're talking about buying something like a /20 (or > whatever their currently "smallest" allocation is). A big block is going to be overkill so I'll have to get by with whatever my ISP offers me. If I have a couple of IP's, it's enough for the public services I have. Regards, Benedict -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/mebf48$dbt$1...@ger.gmane.org