Fred Smith wrote:
On Wed, Dec 11, 2013 at 09:00:25PM -0800, Jason T. Slack-Moehrle wrote:
Hi All,
So my electricity bill is through the roof and I need to pare down some equipment.
I have a CentOS 6.5 Server (a few TB, 32GB RAM) running some simple web stuff and Zimbra. I have 5 static IPs from Comcast. I am considering giving this server a public IP and plugging it directly into my cable modem. This box can handle everything with room for me to do more.
Doing this would allow me to power down my pfSense box and additional servers by consolidating onto this single box.
I have the firewall on on the server and am only allowing the few ports I need.
I don't run ssh on 22.
Were you planning on ssh'ing in from outside? Remember, security through obscurity isn't security. nmap, for example, would find it.
What do you guys think?
You certainly CAN do it that way.
Being paranoid, I'm in favor of having one "box" that does firewall/routing duties without any other apps running, to reduce the exposed "attack surface".
Yup. For about 10 years, I ran an old PC at home with redhat 7.x, then 9. (pre-fedora/RHEL). I had *nothing* on it - no compilers, no languages not required, no web stuff, no *nuthin'*. Then I ran Bastille Linux on it (that's not a distro, it's a set of hardening scripts - everything not explicitly required is verboten). To the best of my knowledge, I never had an intrusion. Of course, I wasn't offering an open website....
I used to run a Smoothwall GPL box as firewall, but like you, I wanted to do a little something about the power usage. My "solution" was a dedicated consumer router, which used probably (not measured) a tenth of the juice of the old PC that ran Smoothwall. I used dd-wrt on it instead of the original firmware.
Doing that now - uses a *lot* less power. Now, if I could just find a firmware that meets my needs....
mark