Gentoo Forums
mixing a router/server with other services (solved)
59729
Apprentice
Joined: 21 Jun 2004
Posts: 279
Posted: Fri Nov 21, 2014 11:32 pm    Post subject: mixing a router/server with other services (solved)

I'm running a hardened minimal Gentoo server, been inactive for 7 years so took the last couple of days to set up. So much to learn, I'm getting overwhelmed and as soon as one thing is done......... Think I've done most of the stuff in the security handbook and still a lot from the hardened project to set up, anyways

Right now I'm running: sshd, dns, logging, iptables
I will also add to that: plex media server, z-wave controller/hub, webserver, sqlserver

Most will not be visible to WAN, only sshd, plex media server (also need web interface so thinking of tunneling through ssh, not sure if that works, otherwise visible webserver)

I've heard it's bad practice to run router and other services on the same machine, but I live in a very small apartment and trying to keep the physical stuff to a minimum (I know tiny embedded solutions exist). So I'm wondering what the next best solution is?

chroot/virtual machines?

For ex
physical: gentoo, sshd(all interfaces), logging
virtual1: router (dns, wifi ap)
virtual2: other (pms, webserver, database, smarthome/zwave, perhaps samba)

Any suggestions, am I thinking in the right direction? I have zero knowledge about this except what I've read the last couple of hours


Last edited by 59729 on Sat Nov 22, 2014 2:01 am; edited 1 time in total
59729
Apprentice
Joined: 21 Jun 2004
Posts: 279
Posted: Fri Nov 21, 2014 11:34 pm

Bear in mind I'm not asking for a complete solution, just a tiny bit of handholding to get me started in the right direction. :)
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 42592
Location: 56N 3W
Posted: Fri Nov 21, 2014 11:42 pm

lappen,

I run a HP Microserver on hardened. The bare metal install does nothing other than support kernel virtual machines.
There are KVMs for a router, mailserver, media server and a NFS server that provides the root FS to a Raspberry Pi that runs a web server.
All the KVMs are hardened too, except the media server.

Investigate Linux Containers too.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
59729
Apprentice
Joined: 21 Jun 2004
Posts: 279
Posted: Sat Nov 22, 2014 2:00 am

NeddySeagoon wrote:
lappen,

I run a HP Microserver on hardened. The bare metal install does nothing other than support kernel virtual machines.
There are KVMs for a router, mailserver, media server and a NFS server that provides the root FS to a Raspberry Pi that runs a web server.
All the KVMs are hardened too, except the media server.

Investigate Linux Containers too.


Thank you

I think I might go with containers, or maybe KVM for router and LXC for the rest.
Need to read up on the security issues too *sigh*, might be a good time to check out hardened documentation
Anyways this made my life much easier, not much time, will probably take a week or two until I can continue to the fun stuff, will post a new thread or ask in channel if I get completely stuck
All times are GMT