I have a home network with webmail server currently implemented as:
Internet -------- Server -------- Internal Network
where Server runs Debian with Apache/SSL and an IPTables firewall.
(Mail comes down using fetchmail. I have OpenWebmail but require
authentication for all access to Apache as I trust its security over
OpenWebmail's and it keeps out scans)
I've just bought a new Netgear wireless router with firewall in it
(WGT624 upgraded to firmware 4). As an aside - it seems to be blocking
my outgoing squid requests to upstream proxies (getting around NTL's
proxy badness), but that's not too much a problem as its internal proxy
runs well at the moment - at least until NTL's transparent proxy server
goes down again.
Two setups I'm considering are:
Internet ---- WGT624 ---- Server
`-- Wireless network ---- my clients
Or
Internet ---- Server ---- WGT624 ---- Wireless network --- my clients
(run an encrypted authenticated tunnel here)
The first option means I put my trust in the wireless router, its
firewall and wireless security (I hope to be able to use WPA on my
Linux clients). An advantage is that I offload web proxying from my
server which is a little EPIA embedded system. Also the first option is
easier to set up and use.
The second option means I keep my existing IPTables firewall, squid
proxy, DHCP setup and everything, but can distrust the wireless
network. I have full control.
The question is, which idea is best? How much can I trust the Netgear
and the wireless side? Nmap against the WAN port on the Netgear is, as
expected, well closed down. How secure is the wireless side?
Thanks
- Richard
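For the second layout (Internet ---- Server ---- WGT624 ---- Wireless network), the following is an added example of what the Server's IPTables ruleset could look like; it is not from Richard's post. It assumes the Server's interfaces are eth0 (cable modem), eth1 (the existing wired network, 192.168.1.0/24) and eth2 (a link to the WGT624's WAN port, statically addressed on 192.168.2.0/24, with the WGT624 NATing the wireless clients), that the "encrypted authenticated tunnel" is OpenVPN on UDP 1194 terminating on tun0 (10.8.0.0/24), and that the webmail front end is Apache on TCP 443. All of those names and numbers are assumptions, not details from the post.

```shell
#!/bin/sh
# Added example, not from the original post: Server-side iptables rules for
# the layout where the Server sits between the Internet and the WGT624 and
# treats the whole wireless segment as untrusted.
#
# Assumed interfaces and networks (not from the post):
#   eth0  cable modem (Internet)
#   eth1  existing trusted wired LAN, 192.168.1.0/24
#   eth2  link to the WGT624's WAN port, 192.168.2.0/24 (untrusted)
#   tun0  OpenVPN tunnel terminating on the Server, 10.8.0.0/24
WAN=eth0; LAN=eth1; WIFI=eth2; TUN=tun0
LAN_NET=192.168.1.0/24
TUN_NET=10.8.0.0/24
VPN_PORT=1194      # OpenVPN default (UDP), assumed

# build_firewall CMD
#   CMD is the command used to emit each rule: "iptables" to load them,
#   "echo iptables" to print them for review without touching the kernel.
build_firewall() {
    IPT=$1

    # Default deny on INPUT and FORWARD; the Server's own outbound
    # traffic (fetchmail, squid to upstream) is allowed.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback and replies to connections the Server or LAN initiated.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The wired LAN keeps its existing access to the Server
    # (squid, DHCP, SSH, webmail).
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -j ACCEPT

    # Internet side: only the authenticated HTTPS webmail is reachable.
    $IPT -A INPUT -i "$WAN" -p tcp --dport 443 -j ACCEPT

    # Wireless side: the WGT624 segment may reach exactly one service on
    # the Server, the VPN endpoint. A compromised WPA network therefore
    # sees only OpenVPN, never squid, SSH or Apache.
    $IPT -A INPUT -i "$WIFI" -p udp --dport "$VPN_PORT" -j ACCEPT
    $IPT -A INPUT -i "$WIFI" -j DROP

    # Inside the tunnel, clients are treated like the wired LAN:
    # they can use the Server's services and be routed to the Internet
    # and to the wired LAN.
    $IPT -A INPUT -i "$TUN" -s "$TUN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$TUN" -o "$WAN" -j ACCEPT
    $IPT -A FORWARD -i "$TUN" -o "$LAN" -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -o "$TUN" -j ACCEPT

    # Raw (non-tunnelled) traffic from the wireless segment is never
    # forwarded anywhere.
    $IPT -A FORWARD -i "$WIFI" -j DROP

    # NAT the LAN and tunnel clients out to the Internet.
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

case "${1:-}" in
    apply) build_firewall "iptables" ;;
    show)  build_firewall "echo iptables" ;;
    *)     echo "usage: $0 apply|show" >&2 ;;
esac
```

`sh firewall.sh show` prints the rules so the ordering can be checked before `apply` loads them; the two rules that matter most are that the only ACCEPT on eth2 is UDP/1194 and that it is followed by an unconditional DROP, so nothing else on the wireless segment reaches the Server or gets forwarded.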