Firewall, Mail and File server solution

Table of Contents
Introduction
Overview
Detailed description
Firewall
Other services offered by IPCop
Mail and File Server
Mail services
File server
Backups
Introduction
TruSoft Software offer a number of solutions aimed at:
● lowering bandwidth usage,
● providing stable, secure central file storage,
● providing central backup,
● low maintenance,
● low TCO
Our solutions are based on GNU/Linux systems utilising open source software and have been proven to be
effective.
The Solution consists of two servers, one firewall/gateway/proxy that manages the ADSL internet
connection and one mail/file server that can also be expanded to become a web server for internal web
applications.
Overview
The following diagram depicts the basic architecture and the services offered.
Detailed description
Firewall
The firewall is implemented using IPCop, a Linux-based secure multi-purpose firewall solution. Existing
hardware can be used if the client has a PIII machine available, or we can supply a new entry-level
machine. The client can also opt for a more powerful machine to allow the firewall to do on-the-fly
checking for spam and viruses.
The IPCop system is equipped with two network cards to effectively isolate the internal network from the
Internet. IPCop routes traffic between the internal network and the Internet. The built-in intrusion
detection system (Snort) and kernel-based firewall (iptables) monitor all traffic and effectively block
unauthorised traffic from the Internet.
IPCop can also be set up to prioritise certain traffic to ensure optimum usability.
Other services offered by IPCop:
● Transparent Proxy – The transparent proxy will cache HTTP data for a certain time, making access
to frequently visited sites faster and reducing bandwidth usage. No client-side setup is required.
● DHCP Server – The DHCP server will dynamically allocate IP addresses to computers on the
internal network. The server can be set up to always allocate a certain address to a certain computer.
● Caching DNS – DNS requests are cached by IPCop, so that frequently used addresses resolve faster.
● Time Server – IPCop can act as a time server for internal computers to keep all computers in
synchronisation. IPCop itself will in turn synchronise with international time servers.
● VPN Server – IPCop can be set up with OpenVPN to be a secure VPN server. The network can
then be accessed remotely via the Internet in a secure way. Each client needs its own key and
password.
● Port Forwarding – IPCop can be configured to directly route all traffic on a certain port to an
internal machine. This allows remote access only to one machine on the inside, improving security
and control.
● Dynamic DNS – A dynamic DNS service can be used to assign a domain name to the ADSL
connection. This makes it easy to access the network via the Internet for administration.
● Web interface – The easy to use, secure web interface makes administration and monitoring of
IPCop easy and can be done from any internal PC. No screen, monitor or mouse is required for the
IPCop server.
● Plug-ins – Additional plug-ins exist that extend the functionality of IPCop.
Mail and File Server
The Mail and File Server is based on Novell OpenSUSE Linux. The server runs the Postfix mail server
with Courier IMAP/POP3 server and fetchmail to collect mail.
SAMBA is used to share directories via SMB to Windows clients.
A custom backup system allows for automatic backup of files to external USB drives.
Mail services
The server hosts a mailbox for each internal email address. The mailboxes are available via IMAP/POP3.
The server will periodically read each user's mail from the ISP's mail server and drop mail into the local
mailboxes after it has been scanned for viruses and spam. Viruses will be quarantined and messages
suspected of being SPAM can be marked as SPAM or rejected directly.
Users will then read the mail from the local mailboxes via IMAP or POP3 using any IMAP/POP3 capable
email client (Mozilla Thunderbird, Microsoft Outlook, etc) on the workstations.
When a user sends an email, the email client will deliver the mail to the local SMTP server running on the
Mail/File server. The SMTP server will then determine if the mail is destined for an internal user or
external user. If the mail is addressed to an internal user (@your_domain) then the mail will be delivered
directly to the user's mailbox on the server. The mail will not be passed on via the Internet to the ISP's mail
server.
If the mail is addressed to an external address, then the mail server will pass it on to the ISP's SMTP server
for delivery.
This means that mail that employees send to each other will not be sent out over the ADSL connection, and
read back again, saving bandwidth, making delivery faster and enabling larger attachments to be sent.
It is also possible to install an open source groupware server like Hula, Kolab, Zimbra, etc. This will give
functionality similar to a Microsoft Exchange system (shared address book, shared calendaring, shared
folders in Outlook).
File server
The file server functionality is implemented using SAMBA. SAMBA is an open source implementation of
the SMB protocol that is used by Windows systems to share folders.
The server will have shared folders available that can be mapped as shared drives on Windows
workstations. User and group access can be implemented to only allow certain users access to certain files
and folders.
The server can also be configured to act as an authentication server for Windows 2000/XP/2003
Professional clients.
Backups
TruSoft Software have developed a custom backup solution that will automatically back up selected
directories to an external USB disk as soon as the disk is connected to the server. No human intervention is
required. When the backup is done, the server will beep to signify that the disk can be disconnected again.
Normally all email on the server, server configuration files and all shared SAMBA directories are backed
up, but additional directories can also be added.
TruSoft Software also offer a service to back up the data via the Internet to an off-site server via a secure
protocol. The backup is done every night, or as often as the client requires.