On 12/11/2013 22:00, Jason T. Slack-Moehrle wrote:
> I have a CentOS 6.5 Server (a few TB, 32 GB RAM) running some simple web stuff and Zimbra. I have 5 static IPs from Comcast. I am considering giving this server a public IP and plugging it directly into my cable modem. This box can handle everything with room for me to do more.
> Doing this would allow me to power down my pfSense box and additional servers by consolidating onto this single box.
> I have the firewall on on the server and am only allowing the few ports I need.
> I don't run ssh on 22.
> What do you guys think?
Have you considered moving all the public web services to a VPS, so you can use the simple firewall in your cable modem/router? You'll get much better bandwidth, and all the hardware problems are someone else's. If the machine gets broken into, it isn't a stepping stone into your private LAN.
I suspect the Zimbra instance isn't public, which is good, because with its minimum RAM requirement of 2 GB, it probably isn't worth hosting publicly on your own.
(Insert "when I was a boy" rant about 48 kB being enough here.)
If you really do have to do public facing web services from your private LAN for whatever reason, though:
I'd keep the separate firewall, but put it on more efficient hardware. You should be able to do this in about 5 W. At 11 cents per kWh, that's about $5 per year if it runs continually. I suspect it could actually be done in more like 2 W.
(For comparison's sake, a Mac Mini idles at about 10 W, and a Raspberry Pi *peaks* at 3.5 W.)
If you had to build the firewall yourself for whatever reason, there are small BSD/Linux-ready embeddable PCs you could use for this. They tend to be targeted at industrial applications and have low sales volumes, so expect to pay $200+ for them.
If you're willing to go bare-bones, a Raspberry Pi, Arduino Galileo, or BeagleBone Black plus a USB-to-Ethernet adapter would do the job for under $100.
If you can give up a bit of control, you can buy DD-WRT-based routers off the shelf from the likes of Buffalo and Asus these days. The Buffalo unit I looked at claims to need 13 W peak, but at idle with the wireless turned off so it's a wired-only router, I'd be surprised if it didn't drop below 5 W.