Timothy Wilson wrote:
> My broadband was just connected and I have rejoined the Internet age following
> my four-month stint as a lowly dialup user (with apologies to other lowly dialup
> users :-). My new place is thoroughly wired and I'm ready to assemble a home
> network. I was hoping to get some thoughts on the issue.
 
> My thought is that this rig will be a fun learning environment for me so I was
> planning on using the Athlon for a LAN file server and the PIII as a Web server
> for my personal Web site. The Linksys router has a dedicated DMZ port that I was
> planning to use unless someone knows of a good reason not to.

Don't most of those router/firewall things put the DMZ port on the same
network as the rest of the boxes on your "inside" LAN?  If so, using the
DMZ port would be a BAD idea.

Also, the wireless AP, if it's going to be open to the world, should be
in a DMZ, a different network from your inside LAN.

> I'd like to learn LDAP so I was planning to use it for authentication throughout
> my LAN and as an addressbook for my email apps. I would like to be able to get
> at the addressbook information from the Internet, but I don't want to expose my
> more sensitive LDAP parts to the world outside my LAN. Any suggestions?

Run your LDAP server in a box on your inside network, and create (or
find) a web-based tool to access LDAP.  Restrict access to the website
and run it over SSL.  Something like https://secure.yourdomain.com and
put all your important stuff you don't want others to have access to
there, e.g., webmail, your LDAP lookup, etc.

If you don't put your webserver in a DMZ, you'll have to port forward to
it.
-- 
scot

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list