
Thread: Intranet Architecture

  1. #1
    Senior Member PacketThirst's Avatar
    Join Date
    Aug 2004
    Posts
    258

    Intranet Architecture

    Hey All !

    My college is planning to set up its own web server and mail server. Currently, we have a 1700 series Cisco router connected directly to the internet. The router is connected to a switch which in turn is connected to four proxy servers. We want to implement an architecture in which our web server and mail server can be accessed by hosts within the intranet without the request being forwarded to the internet. This isn't much of a hard job for someone with the qualification and knowledge. Unfortunately we don't have much experience and have only theoretical knowledge regarding networking. It would be a really great help if someone could tell me the best way to implement this design.



    PacketThirst

  2. #2
    Senior Member
    Join Date
    Jan 2005
    Posts
    128
    I think you're looking for a DMZ (Demilitarized Zone) for security and DNS as your actual solution.

    I don't really have too much time to explain in my first post, but from what I gathered, what you want is this:

    http://janas.customer.netspace.net.au/design.png

    Now, that should do the trick. However, it's usually a little overkill (I get excited sometimes), so a semi-DMZ would probably work, depending on your situation.

    Msg back with what you think, and I can make adjustments, or scrap the idea. Either or.

    Also, what server will you be running? Win32 or *Nix?
    If You've Done Something Right, People Won't Know You've Done Anything At All - God (futurama)

  3. #3
    Senior Member PacketThirst's Avatar
    Join Date
    Aug 2004
    Posts
    258
    Sorry for the very late reply. That's a pretty neat design. The proxy servers are going to be Linux running Apache.

  4. #4
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    The proxy servers are going to be Linux running Apache.
    I didn't get that. Why will the proxies run Apache?

    I thought that "proxy servers" were "cache proxy servers".....

    Another (dumb) one:

    Are your Mail and Web servers supposed to be accessed from outside (Internet) or are they for internal use only?
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  5. #5
    Senior Member PacketThirst's Avatar
    Join Date
    Aug 2004
    Posts
    258
    oops sorry for that error..... The web server is going to be Apache and the proxy server, Squid. The Mail and Web servers are to be accessed from both inside and outside the intranet!

  6. #6
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    oops sorry for that error..... The web server is going to be Apache and the proxy server, Squid. The Mail and Web servers are to be accessed from both inside and outside the intranet!
    Ok. So the easiest and best config is Doublecut's one.


    You will have 3 network zones:

    a) DMZ --> where your mail and web servers reside. Called DMZ
    b) Internal --> where everything that belongs to you resides. Called CORP
    c) Internet --> the world. Called NET

    So, let's do a crap drawing:

          CORP
            ^
            |
            |
        FIREWALL --> INTERNET
            |
            |
            V
           DMZ

    Your firewall will include a Netfilter (a.k.a. iptables) packet filter AND your SQUID Cache.

    Firewall rules for CORP:
    allow the desired traffic to INTERNET (http, https, anything else?). All connections must start from INSIDE.
    allow HTTP,HTTPS,SMTP,POP3 to DMZ


    Firewall rules for DMZ:

    allow HTTP,HTTPS,SMTP,POP3 from anywhere

    -----
    Everything else should be blocked.

    Missed something?
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.
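
The rules sketched in post #6, written out as a generator for an `iptables-restore` file. This is an added example, not part of the thread: the interface names (`eth0`, `eth1`, `eth2`), Squid listening on its default port 3128, and the permissive OUTPUT policy for the firewall's own traffic are assumptions.

```shell
#!/bin/sh
# Emits a ruleset for the CORP / INTERNET / DMZ layout; nothing is applied here.
# To syntax-check on a real firewall: gen_ruleset eth1 eth0 eth2 | iptables-restore --test
gen_ruleset() {
    corp_if=$1; net_if=$2; dmz_if=$3
    cat <<EOF
*filter
# "Everything else should be blocked": default-drop routed and inbound traffic.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
# Assumption: traffic the firewall itself originates (Squid fetches) is allowed.
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Squid runs on the firewall; only CORP clients may reach it.
-A INPUT -i $corp_if -p tcp --dport 3128 -m conntrack --ctstate NEW -j ACCEPT
# Replies to connections that a rule below already allowed.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# CORP -> INTERNET: desired traffic only, always initiated from inside.
-A FORWARD -i $corp_if -o $net_if -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# CORP -> DMZ and INTERNET -> DMZ: HTTP, HTTPS, SMTP, POP3.
-A FORWARD -i $corp_if -o $dmz_if -p tcp -m multiport --dports 80,443,25,110 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $net_if -o $dmz_if -p tcp -m multiport --dports 80,443,25,110 -m conntrack --ctstate NEW -j ACCEPT
# No rule lets DMZ or INTERNET open a connection into CORP, so a compromised
# DMZ server gets no path to internal hosts.
COMMIT
EOF
}

# Print the ruleset for the assumed interface layout.
gen_ruleset eth1 eth0 eth2
```

As written, connections that the DMZ servers themselves open (for example outbound SMTP or DNS lookups from the mail server) are dropped, because the rules in the post only cover traffic towards the DMZ.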

  7. #7
    Senior Member PacketThirst's Avatar
    Join Date
    Aug 2004
    Posts
    258
    Thanks a lot cacosapo and Doublecut!
