-
January 18th, 2005, 12:01 PM
#1
Intranet Architecture
Hey All !
My college is planning to set up its own web server and mail server. Currently, we have a 1700 series Cisco router connected directly to the internet. The router is connected to a switch which in turn is connected to four proxy servers. We want to implement an architecture in which our web server and mail server can be accessed by hosts within the intranet without the request being forwarded to the internet. This isn't much of a hard job for someone with the qualification and knowledge. Unfortunately we don't have much experience and have only theoretical knowledge regarding networking. It would be a really great help if someone could tell me the best way to implement this design.
PacketThirst
-
January 18th, 2005, 01:08 PM
#2
Senior Member
I think you're looking for a DMZ (Demilitarized Zone) for security and DNS as your actual solution.
I don't really have too much time to explain in my first post, but from what I gathered, what you want is this:
http://janas.customer.netspace.net.au/design.png
Now, that should do the trick. However, it's usually a little overkill (I get excited sometimes), so a semi-DMZ would probably work, depending on your situation.
Message back with what you think, and I can make adjustments, or scrap the idea. Either or.
Also, what server will you be running? Win32 or *Nix?
-
January 20th, 2005, 05:55 PM
#3
Sorry for the very late reply. That's a pretty neat design. The proxy servers are going to be Linux running Apache.
-
January 20th, 2005, 06:15 PM
#4
The proxy servers are going to be Linux running Apache.
I didn't get that. Why will the proxies run Apache?
I thought that "proxy servers" were "cache proxy servers".....
Another (dumb) one:
Are your Mail and Web servers supposed to be accessed from outside (Internet) or are they for internal use only?
My site
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
January 21st, 2005, 06:18 PM
#5
oops sorry for that error..... The web server is going to be Apache and the proxy server, Squid. The Mail and Web servers are to be accessed from both inside and outside the intranet!
-
January 21st, 2005, 06:44 PM
#6
oops sorry for that error..... The web server is going to be Apache and the proxy server, Squid. The Mail and Web servers are to be accessed from both inside and outside the intranet!
OK. So the easiest and best config is Doublecut's one.
You will have 3 network zones:
a) DMZ --> where your mail and web servers reside. Called DMZ
b) Internal --> where everything that belongs to you resides. Called CORP
c) Internet --> the world. Called NET
So, let's do a crap drawing:
      CORP
       ^
       |
       |
    FIREWALL --> INTERNET
       |
       |
       V
      DMZ
Your firewall will include a Netfilter (a.k.a. iptables) packet filter AND your SQUID Cache.
Firewall rules for CORP:
allow the desired traffic to INTERNET (http, https, anything else?). All connections must start from INSIDE.
allow HTTP,HTTPS,SMTP,POP3 to DMZ
Firewall rules for DMZ:
allow HTTP,HTTPS,SMTP,POP3 from anywhere
-----
Everything else should be blocked.
Missed something?
My site
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
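The rules listed in post #6, written out as iptables-restore input; this is an added example, not part of the original thread. The interface names (eth0, eth1, eth2), Squid listening on its default port 3128, and the ACCEPT policy on OUTPUT are assumptions that do not come from the posts.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for the three-zone layout in post #6.
# Interface names are assumptions; pass your own as CORP_IF DMZ_IF NET_IF.
DMZ_PORTS="25,80,110,443"   # SMTP, HTTP, POP3, HTTPS (the post's DMZ list)
WEB_PORTS="80,443"          # HTTP, HTTPS for CORP -> INTERNET
SQUID_PORT="3128"           # assumption: Squid on its default port

dmz_ruleset() {
    corp=$1; dmz=$2; net=$3
    # Three distinct interfaces are required, otherwise two zones collapse.
    if [ -z "$corp" ] || [ -z "$dmz" ] || [ -z "$net" ] ||
       [ "$corp" = "$dmz" ] || [ "$corp" = "$net" ] || [ "$dmz" = "$net" ]; then
        echo "usage: dmz_ruleset CORP_IF DMZ_IF NET_IF (all different)" >&2
        return 1
    fi
    new="-m conntrack --ctstate NEW -j ACCEPT"
    cat <<EOF
*filter
# "Everything else should be blocked": default-drop inbound and forwarded.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# CORP clients reach the Squid cache running on the firewall itself.
-A INPUT -i $corp -p tcp --dport $SQUID_PORT $new
# Replies to connections that a rule below allowed.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# CORP -> INTERNET: only connections started from inside.
-A FORWARD -i $corp -o $net -p tcp -m multiport --dports $WEB_PORTS $new
# DMZ services reachable from anywhere (CORP and INTERNET).
-A FORWARD -i $corp -o $dmz -p tcp -m multiport --dports $DMZ_PORTS $new
-A FORWARD -i $net -o $dmz -p tcp -m multiport --dports $DMZ_PORTS $new
COMMIT
EOF
}

# Constructed interface names; review the output before loading it
# with iptables-restore.
dmz_ruleset "${1:-eth0}" "${2:-eth1}" "${3:-eth2}"
```

The post's list has no rule for connections the DMZ mail server itself opens (outbound SMTP and DNS lookups), so with this default-drop FORWARD policy those stay blocked until rules for them are added.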
-
January 21st, 2005, 06:59 PM
#7
Thanks a lot cacosapo and Doublecut!