IPCOP + COPFILTER

J

JJRM

Well-Known Member
Joined
Feb 27, 2008
Messages
474
Reaction score
7
Hi guys, I don't have any experience with IpCop but looking at trying it out for use in our small company. I'm hoping the CopFilter add-on could also help us with the some spam seeping through to us. To all you IpCop gurus, please help me out. I've done some reading but one or two things I'm not too sure about:

Our one and only server runs Exchange, FTP (FileZilla), AD, DNS, DHCP and one or two needed services for some internal software we use. Now if I put the server in a DMZ (Orange network), I'm getting the feeling I'm going to have a few connectivity issues between all the clients in the Green network and the server. What will be the impact on connectivity between the green network and orange? The software application we use is heavily dependant on the server and particularly connection speeds. I'm concerned that the IpCop machine may cause some degradation in performance between the clients and the server.

The other option is leaving the server in the green network and port forwarding only those ports that I need to the server. That way I should still get full performance as is currently.

What would you think are my best options?
 
which server are you using i maean be more specific , is it a linux ow windows server my sujestion to you would be to use iptables as they are simpler to impliment and won,t mess with your other connectivity issues:D
 
Sorry dude, I lost you there. But to answer your question, our server is running SBS 2008. But my question was basically which of the two options (green/orange)would be better for me in terms of performance?
 
Thanks for the overwhelming responses guys :-) Anyways, just an update. Since our server's uses are predominantly internal, I decided to keep it in the green zone and just port forward the ftp ports. So far so good, it's been in for almost a week and no problems.
 
Putting an Exchange server in the orange will mean opening too many ports and stuff.

Best to keep it on the green then. But take care that you shut down all unneccessary services, or block access from the firewall to these services, if possible.

You can, however, minimize your risk by setting up a Linux server for use with FTP and bung that server in the DMZ. So, should your FTP server gets haxxored, then it's no big deal as the attacker won't be able to gain access to green.

I've done this setup with Smoothwall + Server 2003 (Exchange + AD on green) + SME Server (FTP) in the DMZ.

You can also look at implementing Snort and Guardian to clamp down on suspicious activities on your RED interface.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X