[Sderby] Help Firewall
Deon Grobler
sderby at mailman.lug.org.uk
Wed Jun 25 15:27:00 2003
Well then this is pretty much the list I gave you.
Go into setup/firewall/customize ... check the SSH box, check the FTP box if
you need to ftp in, and then on the bottom line, assuming it's still the same
as 7.1 *last time I used Linux* ... type in 3306 for mysql ... OK OK .. and
exit out of there.
Once that's done, it should start blocking on the fly, but always test it.
Try and connect to the box from another machine to a service that is running
like DNS. telnet *IP ADDRESS* 53 ... it "should" be denied. If it allows
it, recheck your rules, make sure they have been saved, and if that's all
good, restart the process. /etc/rc.d/init.d/S95IPTABLES reload
Let us know how things go.
Deon
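
The policy described above (deny everything inbound, allow SSH, FTP and MySQL, then confirm port 53 is refused), written out as an added example that is not part of the original message or the output of the setup tool. The function names `gen_rules` and `verdict` are hypothetical, and the ruleset is an assumed iptables-restore equivalent of the checkboxes, which lets the "recheck your rules" step be done on the rule text before anything is loaded.

```shell
#!/bin/sh
# Added example: default-deny inbound ruleset for the services named in the thread.
# Ports 22 (ssh), 21 (ftp) and 3306 (mysql) come from the message; the rest is assumed.

# Emit an iptables-restore ruleset that drops all inbound traffic
# except new TCP connections to the ports given as arguments.
gen_rules() {
    # Validate every port first so a bad argument never yields a partial ruleset.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Loopback and replies to connections the server itself opened stay allowed.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Read a ruleset on stdin and print what happens to a new inbound TCP
# connection to port $1: ACCEPT if a rule allows it, else the INPUT policy.
verdict() {
    awk -v p="$1" '
        /^:INPUT / { policy = $2 }
        /^-A INPUT / && / -p tcp / && / -j ACCEPT$/ && index($0, " --dport " p " ") { hit = 1 }
        END { print (hit ? "ACCEPT" : policy) }'
}

# Offline version of the check in the message: 53 (DNS) must come back DROP.
rules=$(gen_rules 22 21 3306)
for p in 22 21 3306 53; do
    printf 'tcp/%s -> %s\n' "$p" "$(printf '%s\n' "$rules" | verdict "$p")"
done
```

Loading the output with `iptables-restore` needs root; the connection test from another machine described above is still the final check, since this only inspects the rule text.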
-----Original Message-----
From: sderby-admin@mailman.lug.org.uk
[mailto:sderby-admin@mailman.lug.org.uk]On Behalf Of trw dLogical
Sent: Wednesday, June 25, 2003 3:12 PM
To: sderby@mailman.lug.org.uk
Subject: RE: [Sderby] Help Firewall
Well a list hum,
1) I require to ssh into the server.
2) Mysql is required to be accessed.
3) The ability for me to ftp certain files to run on the server.
(mainly perl programs to load database info - oh and a few sql setup
scripts).
I really think that's about it as the server although being a DNS server is
only going to be used as a database server.
If I can ever get mysql to create the db in the home directory.
No domains or email or general ftp stuff will be allowed. Although the
server has apache and email etc installed.
Thanks
Trevor.
-----Original Message-----
From: sderby-admin@mailman.lug.org.uk
[mailto:sderby-admin@mailman.lug.org.uk]On Behalf Of Deon Grobler
Sent: 25 June 2003 14:58
To: sderby@mailman.lug.org.uk
Subject: RE: [Sderby] Help Firewall
Sure ... well the easiest way to proceed is to give me a list of what you
need the outside *internet world* to access.
ie: apache/httpd
regards
Deon
-----Original Message-----
From: sderby-admin@mailman.lug.org.uk
[mailto:sderby-admin@mailman.lug.org.uk]On Behalf Of trw dLogical
Sent: Wednesday, June 25, 2003 2:51 PM
To: sderby@mailman.lug.org.uk
Subject: RE: [Sderby] Help Firewall
Yep this sounds quite promising.
I have had suggested IPCHAINS which I believe is like IPTABLES.
(Hum lack of Linux admin knowledge showing).
I have entered the setup and it appears I can switch on and off anything
from there.
But me not done this before. So if you could help a little further I would
be most pleased.
Trevor.
-----Original Message-----
From: sderby-admin@mailman.lug.org.uk
[mailto:sderby-admin@mailman.lug.org.uk]On Behalf Of Deon Grobler
Sent: 25 June 2003 13:54
To: sderby@mailman.lug.org.uk
Subject: RE: [Sderby] Help Firewall
Well, you could do a basic setup with IPTABLES or TCPwrappers on that box.
Deny everything and allow like 22ssh/80web/3306mysql .. at the console
type: setup .. and proceed from there.
regards
Deon
-----Original Message-----
From: sderby-admin@mailman.lug.org.uk
[mailto:sderby-admin@mailman.lug.org.uk]On Behalf Of trw dLogical
Sent: Wednesday, June 25, 2003 1:55 PM
To: sderby@mailman.lug.org.uk
Subject: RE: [Sderby] Help Firewall
Thanks for the reply,
However I have looked at smoothwall and as you say it requires a dedicated
server.
This I do not have as the linux box is a dns server which is located at
Fasthosts hub.
I therefore cannot put a single linux box upfront.
Trevor.
-----Original Message-----
From: sderby-admin@mailman.lug.org.uk
[mailto:sderby-admin@mailman.lug.org.uk]On Behalf Of Martin Brentnall
Sent: 25 June 2003 13:15
To: sderby@mailman.lug.org.uk
Subject: Re: [Sderby] Help Firewall
Hi,
I've been running a firewall called Smoothwall Linux 2.0. I don't really know
if that's what you're looking for, as it requires a machine dedicated to the
firewall (I'm using an old P200 with 32MB RAM, although even this spec is a
big overkill for my needs).
Smoothwall Linux 2.0 is still in the Beta stage, but you can get Smoothwall
1.0 if you like (my NIC wasn't supported by 1.0's kernel), which is a final
version.
The URL is http://smoothwall.org
Cheers,
Martin
On Tuesday 24 June 2003 9:35 pm, trw dLogical wrote:
> Hi
>
> I run a small computer software company in Overseal and I have a little
> problem.
>
>
> I am a reseller for Fasthosts internet and develop software using linux
> based servers.
>
> This has been going great until I recently required to have a database over
> their default limit size.
>
> This has meant I have had to arrange for a dedicated server, and although I
> have enough knowledge to
> have closed down the database etc I have no knowledge of firewalls, which
> to use or how to configure.
>
> I wonder if there is somebody who could provide assistance with this as I
> require to have the new server
> secured rather quickly.
>
> Trevor Ward
> dLogical Limited
>
> T: 01283 760469
>
> E: info@dlogical.co.uk
>
> W: www.dlogical.co.uk
>
>
> _______________________________________________
> Sderby mailing list
> Sderby@mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/sderby
> Web site: http://sderby.lug.org.uk/
> wiki: http://www.sderby.lug.org.uk/cgi-bin/wiki.pl