[TCLUG] Bastion host project...

Mon Oct 8 14:51:01 CDT 2001

On Mon, Oct 08, 2001 at 12:48:49PM -0500, Yahoo mail wrote:
> It appears to be a rather complex undertaking, as this box would sit
> in the DMZ and thus would need to be very secure.  It is required to
> perform only as a smtp relay host between Visi.com and our Exchange
> server behind the firewall.  

As a relay host, you do not need a lot of disc space, but you do want
through-put.  Features in your host should be:

    * Network Interface Card (100BaseT Full Duplex)
    * SCSI2/3 Harddrive 
        - throughput being the key 
        - 1GB+ would do
    * RAM
        - At least 64MB
        - The more the better
    o Video Card (opt)
        - Video cards are nice for servers, but not necessary
    o ATX Power Supply
        - In a server environment, this is what you want.
        - Power to last state (i.e. if powerfailure, powers back on
          automatically when available)

Distribution of Choice: Debian Stable (Potato)

Email Server Software: Postfix, Sendmail, Exim (in order of preference)
    - You will most likely have to rewrite the email address coming
      from MS Exchange Server.
    - Simple relay configuration
    - Possible tie-in to anti-virus scanning software
    - Possible tie-in to anti-spam filtering

Method of installation: Floppy (Debian base)
Total installation size: < 45MB

Other Configuration Needs:
    o Use iptables to block all incoming TCP and UDP connections
      except for:
        - tcp port 25 (smtp)
        - non-syn tcp packets (IOW, TCP replies from an established
          connection to another machine)
        - icmp ping-reply
    o Disable use of most superserver (inetd) processes
        - Default by Debian setup
    o Syslog

Installation Instructions can be found at: http://www.debian.org
HOWTO's found at: http://www.linuxdoc.org
Other Suggested Email Lists: debian-isp at lists.debian.org

-- 
Chad Walstrom <chewie at wookimus.net>                 | a.k.a. ^chewie
http://www.wookimus.net/                            | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31  1950 0CC7 0B18 206C 5AFD

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20011008/603c1e74/attachment.pgp