From mboxrd@z Thu Jan 1 00:00:00 1970 From: Skylar Thompson Subject: Re: Linux Help Date: Mon, 19 Jul 2004 21:59:02 -0500 Sender: linux-config-owner@vger.kernel.org Message-ID: <20040720025902.GA93963@quark.cs.earlham.edu> References: <20040719224934.4820.SAVAGE-GARDEN@hanikamail.com> Reply-To: Skylar Thompson Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="huq684BweRXVnRxX" Return-path: Content-Disposition: inline In-Reply-To: <20040719224934.4820.SAVAGE-GARDEN@hanikamail.com> List-Id: To: Kev Cc: linux-config@vger.kernel.org --huq684BweRXVnRxX Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jul 19, 2004 at 10:50:07PM +0600, Kev wrote: > Hi, >=20 > I'm new to Linux, so i'm paling to install a gateway, with the following, >=20 > 1. Firewall On Linux, your choices are pretty limited: ipchains or iptables. On a new installation, I can see of no reason not to go with iptables. > 2. DNS Without more information, I'd say BIND 9 (http://www.isc.org/sw/bind/). It's stable, secure, and full of nice features. > 3. DHCP Again, without more information, the obvious choice is ISC-DHCP 3 (http://www.isc.org/sw/dhcp/). > 4. SMTP (relay only) Here you've got lots of options. I personally maintain Sendmail (http://www.sendmail.org) on a variety of platforms (OS/2, Red Hat Linux, Debian GNU/Linux, Solaris, FreeBSD, and NetBSD) and find it to be full of features, but a real PITA when it comes to debugging. Since all you want to do is relay, and for reasons I'll explain in the next point, I'm going to recommend Exim (http://www.exim.org). > 5. Email Virus Scaning If all you are doing is virus scanning, I'd suggest using ClamAV (http://www.clamav.net). To avoid needing to use a milter (I can't recall whether Exim supports milters), I'd highly recommend MailScanner (http://wwww.mailscanner.info). It uses a two-queue solution that obviates the need for milters, and in my experience increases mail throughput by as much as 10x compared to milters. It can be easily setup to call a spam filter such as SpamAssassin (http://www.spamassassin.org) and a virus scanner such as ClamAV (http://www.clamav.net). > 6. Gray Listing (email) SpamAssassin or MailScanner can do this. > 7. NAT This is done with iptables. > 8 Web Cashing Squid (http://www.squid-cache.org) is the best one I've used. I use it on a NetBSD box in front of a cable connection to do transparent proxying, and it works marvelously. > 9. Web Based Configuration tool for all above. Definitely Webmin (http://www.webmin.com). =20 > can any one tell me the best Linux version to use, (RedHat, Debian, etc) > and the software i can use, like DNS =3D BIND, some thing simple to use... =20 While I've been a devout Red Hat user for years, I've been shying away from Red Hat on new installs because they've been moving away from personal users and concentrating almost exclusively on the commercial customers. Fedora isn't (and wasn't intended to be) as well-polished as Red Hat 9, so I'd go with Debian. It has a large user and developer base, so it's not going south any time soon. > the Box will be a P2 with 256MB ram but if i can get it to work on a P1 > 166Mhz that would be great.... Especially for mail filtering, you're going to want as much CPU power and RAM as you can throw at it. Go SMP if you can. You might even want to run that P1 for DHCP, DNS routing if you can, so that those services don't get slowed down significantly if you suddenly get a huge spike in mail traffic. Web caching benefits from having as much RAM and hard drive space as possible, but CPU power isn't as much of a concern for it. --=20 -- Skylar Thompson (skylar@cs.earlham.edu) -- http://www.cs.earlham.edu/~skylar/ --huq684BweRXVnRxX Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFA/Ip2sc4yyULgN4YRAqOLAKCBgrTvTTczag0j3hN5PLF4yrQ6/gCcDfTV JMQ6dGARUEmtOyIlmMnEBTc= =Alf8 -----END PGP SIGNATURE----- --huq684BweRXVnRxX--