From owner-freebsd-questions@FreeBSD.ORG Thu Nov 30 00:30:46 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 67FBE16A504 for ; Thu, 30 Nov 2006 00:30:46 +0000 (UTC) (envelope-from lane@joeandlane.com) Received: from elasmtp-dupuy.atl.sa.earthlink.net (elasmtp-dupuy.atl.sa.earthlink.net [209.86.89.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id ED9F143CD1 for ; Thu, 30 Nov 2006 00:29:49 +0000 (GMT) (envelope-from lane@joeandlane.com) Received: from [66.47.111.183] (helo=joeandlane.com) by elasmtp-dupuy.atl.sa.earthlink.net with asmtp (Exim 4.34) id 1GpZoC-0007IF-HK for freebsd-questions@freebsd.org; Wed, 29 Nov 2006 19:29:48 -0500 Received: from joeandlane.com (localhost.localnet.local [127.0.0.1]) by joeandlane.com (8.13.8/8.13.1) with ESMTP id kAU0WiPn073167 for ; Wed, 29 Nov 2006 18:32:44 -0600 (CST) (envelope-from lane@joeandlane.com) Received: from localhost (localhost [[UNIX: localhost]]) by joeandlane.com (8.13.8/8.13.1/Submit) id kAU0WhqG073166 for freebsd-questions@freebsd.org; Wed, 29 Nov 2006 18:32:43 -0600 (CST) (envelope-from lane@joeandlane.com) From: Lane To: freebsd-questions@freebsd.org Date: Wed, 29 Nov 2006 18:32:43 -0600 User-Agent: KMail/1.9.3 References: <20061129205210.KSAH26055.ibm59aec.bellsouth.net@mail.bellsouth.net> In-Reply-To: <20061129205210.KSAH26055.ibm59aec.bellsouth.net@mail.bellsouth.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200611291832.43751.lane@joeandlane.com> X-CD-SOLUTIONS-MailScanner-Information: Please contact the ISP for more information X-CD-SOLUTIONS-MailScanner: Found to be clean X-CD-SOLUTIONS-MailScanner-From: lane@joeandlane.com X-ELNK-Trace: e56a4b6ca9bdfda11aa676d7e74259b7b3291a7d08dfec79a9ae7528e1fd56f18a4f34e29f7fb613350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-Originating-IP: 66.47.111.183 Subject: Re: Suggested Books & Guides on small bisiness LAN with FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Nov 2006 00:30:46 -0000 On Wednesday 29 November 2006 14:52, wmc20@bellsouth.net wrote: > Hi Guys, > > I'm looking for advice or suggestions on how to [re]design a small business > network with FreeBSD. I know that's a pretty broad topic -- I'm not > looking for a simple answer, so much as reference materials. > > Background: for over 5 years we've had our business running with a few > FreeBSD servers. An external Internet connected box serves smtp, imap, > http, ftp, dns (external and LAN internal) and http-proxy. Another server > (on LAN behind NAT router) has Samba file & print services, lpd and some > other things. > > I guess what I'm looking for is "best practice" suggestions for configuring > all this optimally. Problems we have currently include DNS -- if the > Internet connection goes down, the server chokes, and we can't even get > internal DNS. And security issues, eg: should the email accounts reside > on an Internet-exposed server? > > O'Reilly sells "Windows to Linux Migration Toolkit" which sounds like some > of what I'm looking for, except that it's for Linux -- but I've dabbled > with that kludge enough to probably apply the concepts to FreeBSD ;) Any > other suggestions on good books, web sites, etc? > > -Wayne B. > > Wayne, If you've been using FreeBSD in production for five years, you are probably well beyond any O'Reilley offering, imho. We can all benefit by (yet) another look at "man ," and that's probably gonna be your most productive resource, since it will allow you to address your specific issues without having to read any ol' dumbed-down version of the documentation :) As for DNS issues, my thought is that if your external DNS server works then leave it alone and implement a separate internal DNS server to handle your internal traffic. Just start with the same configuration you have on external and tweak it as needed. It doesn't have to be authoritative. Also you are likely also running DHCP, which I'd recommend you move from your external DNS server to the new internal DNS server (if that is your current setup). Usually 2 cents, but free for you! lane