LinuxQuestions.org
Old 09-13-2011, 12:34 PM   #1
MrMcGoo
LQ Newbie
 
Registered: Jun 2009
Distribution: Currently, Debian Lenny with no desktop sucks the least for me.
Posts: 23

Rep: Reputation: 0
Isolate Windows box in a Linux LAN


I have four Debian computers in a LAN with a Linksys router and a switch. The router is set for DHCP, but I have given the four Linux boxes static IP addresses – 192.168.1.110...113 and the static IPs are functioning. The file /etc/hosts, in each computer, is configured to enable ssh between all Linux boxes by host name.

Now, I have added a Windows XP computer that will be used only once in a while for a specific purpose. It is configured DHCP, 198.162.1.100, and shares the internet connection. I tried to assign it static IP 192.168.1.114 and that was successful, but then it wouldn't connect to the internet. So, I put it back to DHCP. It will ping the Linux computers, but they cannot ping it regardless of whether the Windows firewall is on or off.

What I want to accomplish is for the Linux computers to not accept any communication from the Windows computer. I have tried putting “All: 192.168.1.100” (the Windows DHCP IP address) or “IP: 192.168.1.100” into the /etc/hosts.deny file, but the Windows box still is able to ping to Linux.

If I'm not being too paranoid, how can I isolate that computer?
 
Old 09-13-2011, 01:49 PM   #2
SL00b
Member
 
Registered: Feb 2011
Location: LA, US
Distribution: SLES
Posts: 375

Rep: Reputation: 112
As I understand it, hosts.deny and hosts.allow are utilized by the tcp wrapper and protect individual daemons, which operate at the application layer of the IP stack. Ping, on the other hand, operates on the internet layer, which is well below the application layer. So ping is not a good test of whether you've secured access or not. Try accessing the Linux boxes via an ssh or ftp client instead.
 
Old 09-13-2011, 02:27 PM   #3
MrMcGoo
LQ Newbie
 
Registered: Jun 2009
Distribution: Currently, Debian Lenny with no desktop sucks the least for me.
Posts: 23

Original Poster
Rep: Reputation: 0
SL00b,

I tried ftp to Linux Box by IP address and by host name.
Both results the same:
Connected and then connection closed by remote host

It would seem that the Linux boxes are safe from any malware that Windows might pick up.

Thanks for the suggestion.
 
Old 09-13-2011, 02:57 PM   #4
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,939

Rep: Reputation: 3619
You can't really isolate any networked computer unless you disconnect the Ethernet cable. You protect your Linux by hardening it and applying as many best practices as you can.
 
Old 09-13-2011, 03:11 PM   #5
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
Just like jefro said, the best way to completely isolate a network computer simply is to disconnect it by pulling the plug. If you want the most security, make sure that you update your system on a daily basis, and reconfigure iptables by dropping virtually all packets going to that particular system, and manually allowing data to it.
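
A sketch of the iptables approach suggested in this reply, added here as an example and not posted by anyone in the thread: each Linux box drops inbound traffic by default and accepts only SSH and ping from the other three Linux boxes. Unlike a hosts.deny entry it also filters ICMP, and because the policy is default-deny it does not depend on which DHCP address the Windows box holds. The addresses are the ones given in the first post; the SSH-and-ping allowance and the function name `build_rules` are assumptions.

```shell
#!/bin/sh
# Added example: emit a default-deny INPUT ruleset in iptables-restore format.
# Peer addresses come from the thread; what to allow is an assumption.

PEERS="192.168.1.110 192.168.1.111 192.168.1.112 192.168.1.113"

build_rules() {
    self="$1"   # this host's own address, skipped in the peer loop
    echo "*filter"
    # Anything not explicitly accepted below is dropped, so the Windows
    # box is blocked whatever address its DHCP lease gives it.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened itself (web, DNS, apt).
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for peer in $PEERS; do
        if [ "$peer" = "$self" ]; then
            continue
        fi
        # New SSH sessions and ping, from the other Linux boxes only.
        echo "-A INPUT -s $peer -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
        echo "-A INPUT -s $peer -p icmp --icmp-type echo-request -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the ruleset for review when an address is given on the command line.
# To load it (root required):  build_rules 192.168.1.110 | iptables-restore
if [ -n "${1:-}" ]; then
    build_rules "$1"
fi
```

Run it with the local box's own address and review the output before piping it to `iptables-restore`; keep a console session open while testing, since a mistake in the peer list locks out SSH.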
 
Old 09-13-2011, 07:03 PM   #6
MrMcGoo
LQ Newbie
 
Registered: Jun 2009
Distribution: Currently, Debian Lenny with no desktop sucks the least for me.
Posts: 23

Original Poster
Rep: Reputation: 0
corp769 and jefro,

You guys are right. I was trying to make a simple solution complicated. The Windows box only gets used maybe twice a month for a short time. Other than that, it's turned off. When using Windows, turn off the Linux computers. Thanks.
 
Old 09-14-2011, 12:22 PM   #7
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
No problem man!
 
Old 09-14-2011, 03:10 PM   #8
SL00b
Member
 
Registered: Feb 2011
Location: LA, US
Distribution: SLES
Posts: 375

Rep: Reputation: 112
I'm always joking that "the most secure setting is 'off'", but mostly to highlight the fact that going overboard on security leads to sacrificing usability, so finding the right balance, which gives the most security while still maintaining maximum usability, is important. Keeping the Windows machine powered off when it's not needed is a solid policy, but I don't know that I'd want to run around the house shouting, "Everyone! SHUT DOWN YOUR MACHINES!! I'M BRINGING UP THE WINDOWS BOX!!"

But, to each their own.
 
  

