With no sensitive stuff accessible, can I safely run NFS, Samba, Squid and Apache on the same machine until I can afford a separate firewall?
How few machines can I get away with?
ps. It's only my 2nd hour networking (newbie)
3 windows98 connected
3 Linux to go (2 are dedicated to other tasks though)

[This message has been edited by waveleaper (edited 06-07-2000).]

Yes you can. These are completely unrelated services, thus the configuraton do not affect each other.It's you who decides on who can access what.

May I also suggest tcpd for extra security - it definately comes with redhat 6.1 or later, and I assume it is included in other linux distributions. tcpd sits on top of all services. Each time someone tries to access any service, tcpd will determine whether the incomming IP is authorized to access the requested service. You may even allow a particular IP to access, say, your samba server, but not your apache server.

George

You will also need ipchains in order to allow your networked computers to access the internet. It also comes with most Linux distributions. It is mainly an IP Masquarading service, but it can also act as a firewall.

George

Thank You, Thank You, Thank You, that's what I hoped. The TCP wrapper daemon would have taken me a while to find, and longer to have confidence in. Now I'm ready to go back to this. This is great, none of my friends could have popped that off the top of their heads. This whole site was a blast to read today. I need to get through networking, web sites and CGI to get back to C++ . . . this will let me do it with the system I've got and when I crash the it I won't worry about my files anymore (I like to play with pointers.) Networking is really amazing and ... you're the first person to give me a good computer project to work on in 17 years - Thanks a whole bunch! (off to read the tcpd(8) and hosts_access(5) man pages, plus try /sbin/ipchains.)
Matthew

Just a small clarification... You need ipchains in order to allow the other computers to access the internet: I did not make this clear, but maybe it's obvious... Your Linux box must be the one connected directly to the internet...
tcpd is a piece of cake to setup (after editing /etc/hosts.allow and /etc/hosts.deny, remember to do a "killall -HUP inetd" to activate the changes).
The difficult part to setup is squid. I already have it up and running for a few weeks, but I'm not yet sure it's configured as it should be.