Hi All,
I have just orderd my new internet connection and i am rdy to get everything setup. on my network will be a mail gateway (linux) and webserver (linux) an active directory DC and a few client machines. so my questions are:

do i ask my isp to hold my mx records?
do i need my own dns service to be able to host my webserver with my domain name?

i am by no means a novice at networking but this is the first time i have hosted my own services from home. so i would like some advice from the experianced on any problems or processes that i need to get sorted out.

many thanks,

spikes

What ISP are you signed on with? I use OptOnline and have the same setup you're looking to do (MX, httpd, etc.)

Hey Theogre,
I am Signed up with BT (British Telecom). i am asumeing that i will be able to get them to create an mx record: my ip mydomain.com 10

it is the isp that holds this, and not my mail server?

the other question i was interested in was the dns side of things, so that my web server can be accessed by domain name rather than ip. is it just a case of setting the dns server on my systems and allowing the info to fillter up to the internet/isp etc?

finaly on the security side of things, which would you recomed for a firewall, a solid box of tricks such as the pix or sonicwall firewall or is it posable to setup a bsd box used just for routing, firewalling, nat and port forwarding. with no remote access?

cheers for your help

spikes

I'll explain my setup, which will give you an idea of how it works.

I have qmail as my mail server and Apache serving files. All boxes sit behind a FreeBSD firewall that handles NAT, routing, and all the filtering.

For DNS, I signed up for a free account with Afraid.org, which handles DNS and stores the MX record for the domain. Your ISP won't do any of this for you (I don't know about BT, but don't count on it.)

I run Apache on port 80, but I have my firewall listen for http requests on port 6900 and then route them internally to port 80 (my ISP blocks port 80.) I have this setup at Afraid.org so I don't have to worry about it.

For mail, I have 25 and 110 open on the firewall, which routes them to my mail server, which runs Vexira A/V.

I also have FTP, VNC, and game servers running behind the firewall that are all routed by the firewall, and haven't had a problem yet with people connecting to them using the FQDN.

Let me know if you want some help getting everything setup.

thats some great advice, many thanks. i may have to quiz you more at a later date. its been awhile since i used BSD and then it was openBSD. anyway i've got it on download now so i'll give you a shout when i'm getting it setup.

again many thanks,
spikes

It took me awhile to figure the DNS part out, but once that was handled, the rest was a piece of cake.

Let me know if you need help with the firewall & nat rules - I can send you a copy of mine so you can see how it's done (if you want.)

If you need/want help with anything else, I'll be here...

Hey TheOgre,
thinking about it a quick tutorial on bsd firewalling would be extreamely usefull, its the one thing in *nix that i havent realy touched upon.

if you could note down the main files for me, ipchains ipables etc.
and more impotantly the sintax of the files - ip ip port accept. things like that will be great to get me started.

many thanks

spikes

I'll put one together over the weekend and have it up on Monday. It'll actually be a few of them (what to compile in the kernel, firewall rules, nat, etc.)

I'm also working on a few others for FreeBSD, such as Samba, Apache, and a HOWTO for a Shoutcast streaming audio server.

Hey TheOgre,
Did you get anywhere with the firewall tutorial? ok, well when you do/if you already have can you drop me a line to tell me where it is?

i think i'm gona be building around the redhat/fedora platform as i have the linx driver for my dsl modem. i'm still looking for an openbsd driver but its unlikly i think.

so yea, so far i have a dinamic IP address (damn BT for that) so i dont know how that may effect the firewall. and i'm looking include to network adapters in to the box one for a DMZ one for LAN. then i want all the boxes behind the firewall to be able to access the net and services on the net, the boxes are a mix of linux and windows. Also, would it be posable to run an IDS of the firewall box? (it's a pII 400 | 128Mb | 3.5Gb).

cool, any help and advice will be great.

spikes

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.