Networking Forums

Samba share in DMZ

 
 
Emmanuel van Hecke
      02-22-2004, 02:35 PM
Hi,

Our customer is wanting to have a Linux HTTP server (in the DMZ) that
includes in its PHP pages HTML code generated in real time by a
Windows COM+ service (running on Windows 2000 advanced Server or
Windows Server 2003).

The customer doesn't want to redirect external HTTP requesters to the
IIS of the Windows machine (this was our first proposal, but they
don't want a (vulnerable) Windows machine in the DMZ).

Because the pages are dynamic, we want to have both a secure and fast
solution. It would be great to be "mainstream" and simple to
implement.

We thought of using Samba to share a drive between the Linux and
Windows machines. The COM+ service would generate the HTML code on
request and write it to the share for the synchronized Linux process.

Some silly questions:
1) May the Windows machine be behind the firewall and still provide
first class security or does it have to be in the DMZ also?
2) On which machine has the share to be done? Does it have an impact
on performance?
Which is the disk format best suited? May we use NTFS or is FAT
mandatory? (knowing that the Linux would only read the generated
pages)
3) We understand it is possible (and recommended) to secure Samba. Are
those software settings enough or do we have to combine them with
multiple ethernet cards etc...
4) Copying from Windows to Windows through the wire seems to be faster
in "native" mode than copying the same files using Samba (Windows to
Red Hat Linux), about twice as fast. Is this due to a poor
implementation or is there a performance penalty even with recent
Samba code? We expect it shouldn't.
5) Instead of using Samba, the customer proposes to send the files
with FTP from the Windows machine to the Linux machine. We think this
is both much slower, more complicated and not more secure than Samba
(when both are configured secure). Who is right?
6) How frequent is our case? How do the others do? Can Windows and
Linux coexist peacefully or is exposure to the external world only
possible for homogeneous configurations?

Thanks for your comments and help

Emmanuel van Hecke
 
John S
      02-22-2004, 07:30 PM
"Emmanuel van Hecke" wrote in message:
> 5) Instead of using Samba, the customer proposes to send the files
> with FTP from the Windows machine to the Linux machine. We think this
> is both much slower, more complicated and not more secure than Samba
> (when both are configured secure). Who is right?


I vote for this. Make sure the PC has proper routing (you can add routes in
Windows) such that the data stays in the internal network - usually a route
add <server ip> mask 255.255.255.255 <windows ip> on the Windows box will
make sure the packets aren't routed out the DSL modem and then back to the
Linux box (hence being slower).

The Linux box doesn't even need to have its FTP port "open" fully in
iptables - just add a rule allowing access to the FTP port from the source
IP of the Windows box.

Samba is way too big a hammer for this job. The above setup should take all
of 5 minutes to implement/test.
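
The source-restricted FTP rule from the reply above, written out as an added example that is not part of either post. The address is a constructed placeholder, and the conntrack module and helper names assume a current Linux kernel and an INPUT chain with a default DROP policy.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables rules that open FTP on
# the DMZ Linux host to one internal source address only. Nothing is applied.
# Assumes a current kernel (nf_conntrack_ftp, explicit CT helper assignment)
# and an INPUT chain whose default policy is DROP.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255, so a
# hostname or stray shell text can never end up in a firewall rule.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input holds digits/dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# ftp_rules SRC_IP: emit the rule set for the single allowed FTP client.
ftp_rules() {
    src=$1
    valid_ipv4 "$src" || { echo "invalid source address: $src" >&2; return 1; }
    cat <<EOF
modprobe nf_conntrack_ftp
# track the control channel so data connections are recognised as RELATED
iptables -t raw -A PREROUTING -p tcp -s $src --dport 21 -j CT --helper ftp
iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
# new control connections: only from the Windows box
iptables -A INPUT -p tcp -s $src --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# data connections negotiated on that control channel, same source only
iptables -A INPUT -p tcp -s $src -m conntrack --ctstate RELATED -m helper --helper ftp -j ACCEPT
# log and drop FTP attempts from anywhere else
iptables -A INPUT -p tcp --dport 21 -j LOG --log-prefix "ftp-denied: "
iptables -A INPUT -p tcp --dport 21 -j DROP
EOF
}

# Usage: sh ftp_rules.sh 192.168.10.20   (constructed address)
[ $# -eq 0 ] || ftp_rules "$1"
```

The helper works by reading the cleartext FTP control channel, so it cannot follow an FTPS session; in that case a fixed passive port range has to be allowed from the same source instead.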


 