[CentOS] Centos as Gateway ? (Router/transparent proxy)

Mon May 2 16:30:24 UTC 2011
David G. Miller <dave at davenjudy.org>

Roland Roland <R_O_L_A_N_D at ...> writes:

> Hence, I'm thinking of setting up a CentOS machine to work as such:
> HDSL modem (natted to an onboard DHCP service for LAN users) -> CentOS -> Switch - LAN users
> Hw specs:
> 3 GB RAM
> 3.0 core 2 duo
> 2 X 1 TB HDD
> 2 X 1 Gb NIC

Your proposed configuration is pretty close to what I've been running for
several years (my original server had an AMD K-6 and ran Red Hat 6). The
hardware is way more than sufficient.  I have CentOS doing the natting instead
of the modem.  Just use the modem as a pass through.  

Pretty much everything I've done is documented on my blog at
http://davenjudy.org/davesBlog.  I describe what I've done on the blog and that
way I document what I did for my future use and someone else might be able to
use it.

> CentOS will contain the following:
>      1. DHCP # is there a way I could use the modem's DHCP service
> instead? Or is using a CentOS-based DHCP service better?
>      2. Samba # sharing files for LAN users

See my blog.

>      3. Squid
>      4. clamav

Don't do clamav since I even got my wife to use Linux.  No real need for squid.

>      5. OpenRadius # wifi authentication

See my blog.

>      6. knockd service (anyone tried it? I read about this service a few
> weeks ago and am wondering if it's worth giving it a shot... for public
> access to the server)

I just used public keys for ssh and disabled password login.  I also suggest you
move the sshd port to something non-standard just to cut down on the fruitless
attempts to login there.  The script kiddies generally don't scan to see if sshd
is listening on a non-standard port.

>      6. Things which are needed:
>              a. Ability to separate the wireless router from the LAN (thinking
> of VLANs, though as I have a dumb switch I am thinking of adding a 3rd NIC
> to my desktop and dedicating it to the WiFi?)

3rd NIC is probably the easiest with a crossover cable to the WiFi AP.  That way
you can easily set up specific firewall rules for the WiFi traffic.

>              b. Accountability of quota and bandwidth used (I was
> thinking of SARG and SQstat for squid)
>              c. Using some sort of shell script that will parse squid
> logs (mysar will help me access squid logs through MySQL) and if someone
> bypassed their allowed quota for the day they will be moved to a delay
> pool with lower bandwidth.

Hopefully, someone else can help you with these.

Most of my recent blog posts deal with setting up IPv6.  You'll need to look
through the "CentOS server set up and maintenance notes" section for some of the
older articles (DHCP, RADIUS, etc.).
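The key-only sshd setup David describes above (public keys, password login disabled, sshd moved off port 22), as an added shell example that is not part of the original post or of David's blog. It audits an sshd_config file for those three settings and encodes two pitfalls a CentOS admin runs into when applying them: sshd uses the first value it finds for a directive, so a "no" appended at the bottom of a file that already says "yes" does nothing, and with PAM in use "PasswordAuthentication no" alone still allows keyboard-interactive password prompts unless ChallengeResponseAuthentication is also "no". The two sample configs are constructed for the demo; the non-standard port 2222 in the hardened sample is an arbitrary choice, not a recommendation.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config against a
# key-only, password-off, non-default-port setup. Sample configs are constructed.
#
# Limitations: Match blocks are not handled; a directive inside a Match block
# would be misread as global. Keep the audited file free of them or extend the awk.

# sshd_value CONFIG KEY -> effective value of KEY (first occurrence wins, as in
# sshd), or empty if the directive is unset. Directive names are case-insensitive;
# commented-out lines never match because their first field starts with '#'.
sshd_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# audit_sshd CONFIG -> prints one finding per line, or "OK" when there are none.
audit_sshd() {
    cfg=$1
    findings=0
    port=$(sshd_value "$cfg" Port)
    if [ -z "$port" ] || [ "$port" = 22 ]; then
        echo "Port: still the default 22"
        findings=$((findings + 1))
    fi
    if [ "$(sshd_value "$cfg" PasswordAuthentication)" != "no" ]; then
        echo "PasswordAuthentication: effective value is not 'no' (sshd default is yes)"
        findings=$((findings + 1))
    fi
    if [ "$(sshd_value "$cfg" ChallengeResponseAuthentication)" != "no" ]; then
        echo "ChallengeResponseAuthentication: not 'no', PAM can still prompt for a password"
        findings=$((findings + 1))
    fi
    if [ "$(sshd_value "$cfg" PubkeyAuthentication)" = "no" ]; then
        echo "PubkeyAuthentication: explicitly disabled, key-only login is impossible"
        findings=$((findings + 1))
    fi
    if [ "$findings" -eq 0 ]; then
        echo "OK"
    fi
    return 0
}

# write_weak_config PATH: constructed stock-like config with the common mistake
# of appending "PasswordAuthentication no" below an earlier "yes".
write_weak_config() {
    cat > "$1" <<'EOF'
# constructed sample, not a real server's config
Port 22
PubkeyAuthentication yes
PasswordAuthentication yes
UsePAM yes
# appended later; ignored by sshd because the earlier line wins
PasswordAuthentication no
EOF
}

# write_hardened_config PATH: constructed config matching the setup in the post.
write_hardened_config() {
    cat > "$1" <<'EOF'
# constructed sample, not a real server's config
Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
EOF
}

# Stand-alone run: audit both samples.
tmp=$(mktemp -d)
write_weak_config "$tmp/weak"
write_hardened_config "$tmp/hardened"
echo "== weak =="; audit_sshd "$tmp/weak"
echo "== hardened =="; audit_sshd "$tmp/hardened"
rm -rf "$tmp"
```

Run it against the real file with `audit_sshd /etc/ssh/sshd_config` after sourcing the script; the "first value wins" rule is the reason the weak sample still reports password login as enabled despite the trailing "no".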
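The per-user quota accounting Roland asks about in item (c), as an added shell example that is not part of the original post and not squid's or mysar's own code. It sums bytes per authenticated user from squid's native access.log and lists the users over a daily quota; the log lines are constructed, and the field positions (epoch timestamp in field 1, bytes sent to the client in field 5, authenticated user or "-" in field 8) are those of squid's native log format. Requests with no authenticated user are skipped, since they cannot be charged to anyone's quota, and a SINCE timestamp limits the sum to the current day without having to rotate the log first.

```shell
#!/bin/sh
# Added example (not from the original post): per-user byte totals from squid's
# native access.log and a list of users over a quota. Sample log is constructed.

# write_sample_log PATH: constructed access.log lines in squid's native format.
# Fields: time elapsed client result/status bytes method url user hierarchy/peer type
write_sample_log() {
    cat > "$1" <<'EOF'
1304300000.000    100 192.168.1.11 TCP_MISS/200 99999 GET http://example.org/old bob DIRECT/192.0.2.10 text/html
1304353824.123    245 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/ alice DIRECT/192.0.2.10 text/html
1304353900.456     80 192.168.1.10 TCP_HIT/200 10240 GET http://example.com/big.iso alice NONE/- application/octet-stream
1304353950.789    120 192.168.1.11 TCP_MISS/200 2048 GET http://example.org/ bob DIRECT/192.0.2.10 text/html
1304354000.000     30 192.168.1.12 TCP_MISS/403 512 GET http://example.net/ - DIRECT/192.0.2.10 text/html
EOF
}

# user_bytes LOG SINCE -> "user bytes" for every authenticated user, counting
# only requests whose timestamp is >= SINCE (epoch seconds), largest first.
# Unauthenticated requests (user "-") are skipped. Pass SINCE=0 for the whole
# file, or the epoch of local midnight (e.g. from date) for today's usage.
user_bytes() {
    awk -v since="$2" '
        $1 >= since && $8 != "-" { bytes[$8] += $5 }
        END { for (u in bytes) printf "%s %d\n", u, bytes[u] }
    ' "$1" | sort -k2,2nr
}

# over_quota LOG QUOTA SINCE -> the subset of user_bytes above QUOTA bytes.
over_quota() {
    user_bytes "$1" "$3" | awk -v quota="$2" '$2 > quota'
}

# Stand-alone run over the constructed log.
tmp=$(mktemp)
write_sample_log "$tmp"
echo "== usage since 1304353000 =="; user_bytes "$tmp" 1304353000
echo "== over 10000 bytes, whole log =="; over_quota "$tmp" 10000 0
rm -f "$tmp"
```

To act on the result the way item (c) describes, the user names from `over_quota` can be written to a file that a `proxy_auth` ACL reads, that ACL mapped to a slower pool with `delay_access`, and squid told to reload with `squid -k reconfigure`; defining the delay pools themselves is squid configuration outside this example.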