| View previous topic :: View next topic |
| Author |
Message |
Blackace
Retired Dev
Joined: 28 Jul 2002
Posts: 58
|
 Posted: Thu Aug 08, 2002 11:01 pm Post subject: Advice on system packages ??? |
 |
|
What packages/techniques would you guys recommend for the following uses of my Gentoo system ?
First Stage:
- Samba server for W2K machines on a local network where all machines have visible IP addresses.
- Mail server, preferably using IMAP to deliver e-mail from multiple offsite servers (POP3/IMAP) to clients on the local network.
Final Stage:
- Firewall located between an aDSL modem and a hub.
- Nameserver for a domain name.
- Webserver for the domain name.
- FTP server for the domain name.
- Mailserver, preferably using IMAP, POP, and webmail (webmail is the easy part) to deliver e-mail from multiple offsite servers (POP3/IMAP) as well as the local server (the domain name) to clients inside the local network.
- Samba server for W2K machines inside the local network, providing domain services (logon/profiles), file and printer sharing.
- And possibly an MS Exchange server, unless I migrate completely to Linux.
The first stage I want to do right now, and the final stage is down the road about six months from now. I'll be using the Samba server (already configured) to store ghost backups of W2K machines, and in the final stage to provide printer sharing services, roaming profiles, file storage and domain logons.
I'd really appreciate any opinions, tips, gotchas, links, etc.
Thanks,
Blackace.
_________________
Few things are harder to put up with than the annoyance of a good example.
- Mark Twain |
|
| Back to top |
|
 |
delta407
Bodhisattva
Joined: 23 Apr 2002
Posts: 2876
Location: Chicago, IL
|
| Posted: Fri Aug 09, 2002 5:38 am Post subject: Re: Advice on system packages ??? |
|
|
| Blackace wrote: | - Samba server for W2K machines on a local network where all machines have visible IP addresses.
|
Well, Samba obviously. 
| Blackace wrote: | - Mail server, preferably using IMAP to deliver e-mail from multiple offsite servers (POP3/IMAP) to clients on the local network.
|
The most common route seems to be Postfix + Courier-IMAP. Postfix is a nice (and logical) MTA; most people prefer it over sendmail. Ah well.
| Blackace wrote: | | Firewall located between an aDSL modem and a hub. |
iptables.
| Blackace wrote: | | Nameserver for a domain name. |
BIND. It may have had security problems, but a huge majority of DNS servers run BIND.
| Blackace wrote: | | Webserver for the domain name. |
Apache. No question. Big community, excellent feature set.
| Blackace wrote: | | FTP server for the domain name. |
Pure-FTPd seems to be the choice of Gentoo users. Easy to configure and quite secure.
| Blackace wrote: | | ]Mailserver, preferably using IMAP, POP, and webmail (webmail is the easy part) to deliver e-mail from multiple offsite servers (POP3/IMAP) as well as the local server (the domain name) to clients inside the local network. |
fetchmail is your friend.
| Blackace wrote: | | Samba server for W2K machines inside the local network, providing domain services (logon/profiles), file and printer sharing. |
I haven't used Samba as a DC, but you'll quickly be missing the group policy stuff. If you have more than, say, a dozen Win2k clients, you will probably be better off with a Win2k server. The two play nicely together and make administration a breeze. (I administer 80 Win2k boxen on one site and, as much as I like Samba, could not imagine life without group policies.)
| Blackace wrote: | | And possibly an MS Exchange server, unless I migrate completely to Linux. |
Are you going to be using it for groupware (calendars, meetings, shared contacts, etc.)? If Outlook is on the desktop, Exchange is a good choice. It's a really sucky mail server but you can't beat it's integration (simply because Microsoft wrote the rest of the Office suite and the operating system it runs on). If you want groupware on Windows, Outlook + Exchange is (IMO) the best option. If you want e-mail, go with something Linux based on the server and something designed to be an e-mail client on the desktop.
Again, Exchange sucks as a mail server and Outlook sucks as a mail client. I know few people that will argue. IMO, the only reason to use either is for the integration with eachother which in turn allows you to get arguably the best groupware setup on the Windows desktop.
| Blackace wrote: | | in the final stage to provide printer sharing services, roaming profiles, file storage and domain logons |
Again, consider how valuable group policies are to you. Without them, if you have more boxen than you can count on your appendages, you'll likely run into problems.
_________________
I don't believe in witty sigs. |
|
| Back to top |
|
|
puddpunk
l33t
Joined: 20 Jul 2002
Posts: 681
Location: New Zealand
|
| Posted: Fri Aug 09, 2002 7:35 am Post subject: ? |
|
|
iptables?
i always thought iptables were outdated and replaced by ipchains! |
|
| Back to top |
|
|
citizen428
Retired Dev
Joined: 10 Jun 2002
Posts: 317
Location: Vienna, Austria
|
| Posted: Fri Aug 09, 2002 7:37 am Post subject: |
|
|
I have to agree with delta407 on most of what he said, except that I like proftpd more than pure-ftpd. But that's just a matter of taste I guess.
Our server (Gentoo of course  ) runs Apache 1.2.26 with mod_php 4.2.2 as a webserver, postfix+courier-imap for mail and Squirrelmail as webmail (really nice webmail IMO). As stated above we use proftpd as FTP server.
So you could call it a pretty standard setup. |
|
| Back to top |
|
|
dioxmat
Bodhisattva
Joined: 04 May 2002
Posts: 709
Location: /home/mat
|
| Posted: Fri Aug 09, 2002 7:37 am Post subject: |
|
|
other way around actually. ipchains was in 2.2.*, iptables is in 2.4.*.
_________________
mat |
|
| Back to top |
|
|
rac
Bodhisattva
Joined: 30 May 2002
Posts: 6553
Location: Japanifornia
|
| Posted: Fri Aug 09, 2002 7:40 am Post subject: Re: ? |
|
|
| puddpunk wrote: | | i always thought iptables were outdated and replaced by ipchains! |
Other way around. ipfwadm in 2.0, ipchains in 2.2, iptables in 2.4.
_________________
For every higher wall, there is a taller ladder |
|
| Back to top |
|
|
puddpunk
l33t
Joined: 20 Jul 2002
Posts: 681
Location: New Zealand
|
| Posted: Fri Aug 09, 2002 1:20 pm Post subject: |
|
|
well spank my ass and call me charlie
What a useful Chunk of information. I'll be sure to remember that when i get around to replacing my WinProxy with gentoo  |
|
| Back to top |
|
|
michaelb
l33t
Joined: 06 Jun 2002
Posts: 686
Location: Ann Arbor, MI
|
| Posted: Fri Aug 09, 2002 2:04 pm Post subject: |
|
|
*SPANK*
Charlie.
The biggest difference between the two is that iptables is a stateful firewall, where ipchains is stateless. What this boils down to is that under ipchains, a malformed packed could wheedle its way into your system by saying, "oh, I'm part of an existing transmission". However, iptables would check, and say, "um, no. Now go away, or I shall taunt you a second time." Or something like that. |
|
| Back to top |
|
|
delta407
Bodhisattva
Joined: 23 Apr 2002
Posts: 2876
Location: Chicago, IL
|
| Posted: Fri Aug 09, 2002 10:34 pm Post subject: |
|
|
| michaelb wrote: | | However, iptables would check, and say, "um, no. Now go away, or I shall taunt you a second time." Or something like that. |
Or just crush them with a large hammer and silenty drop them into the bitbucket.
Well, silent except for the "klink" (like loose change) once they hit the bottom of /dev/null...
_________________
I don't believe in witty sigs. |
|
| Back to top |
|
|
puddpunk
l33t
Joined: 20 Jul 2002
Posts: 681
Location: New Zealand
|
| Posted: Fri Aug 09, 2002 10:45 pm Post subject: . |
|
|
i always thought /dev/null was bottemless
But before we get off topic...
Which is easier to set up? IPCHAINS or IPTables? I had just figured out what and how to use IPChains, and now IPTables are here, i have to learn something else |
|
| Back to top |
|
|
friedmud
Apprentice
Joined: 18 Apr 2002
Posts: 258
Location: Austin, TX USA
|
| Posted: Fri Aug 09, 2002 10:59 pm Post subject: |
|
|
Only suggestions I have that is different from the rest is: use dbjdns.
It is VERY easy to setup (just emerge djbdns and follow the directions).
It has had VERY few vulnerabilities (in fact if you find one the author will give you $2000).
It is fast, and doesn't use very many resources.
I highly suggest it.
Derek |
|
| Back to top |
|
|
friedmud
Apprentice
Joined: 18 Apr 2002
Posts: 258
Location: Austin, TX USA
|
| Posted: Fri Aug 09, 2002 11:00 pm Post subject: |
|
|
Oh, one more.
I agree that proftpd is better. It is again really easy to install and maintain and has a low profile.
Derek |
|
| Back to top |
|
|
arkane
l33t
Joined: 30 Apr 2002
Posts: 918
Location: Phoenix, AZ
|
| Posted: Sat Aug 10, 2002 4:44 am Post subject: |
|
|
I will add my .02 cents in about Samba with Win2K. I've been working with Samba 2.2.x (it's with debian, they finally upgraded to the year 2002!!) and Win2K, and for the life of me I can't get Win2K to connect as a domain with Samba. I've read the documentation that samba.org has, I've even successfully gotten an entire company of 20-25 system connected before under WinNT4. (full integration as a domain controller) It's odd!
But, yeah.. try it out on a machine or two before making it full scale. I do it with VMWare, and it works quite nicely. It's how I tested the WinNT4 migration to Samba before I actually did it. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Other Things Gentoo
