Old 02-08-2010, 05:39 AM   #1
data1986
LQ Newbie
 
Registered: Feb 2010
Posts: 12

Rep: Reputation: 0
linux machine as firewall


I have a Linux server running Oracle applications.
I need to access this server from PuTTY using SSH through the internet.
I did this by registering my static IP with dyndns.org and I am able to connect to the server.
But now there is no security to authenticate any user, as anyone knowing the password can log in to it.
I thought of configuring the firewall of the Linux server, but the client IPs are not static and they change continuously.
So I thought of keeping one more PC between the server and the router which will do the work of authenticating. But I am confused as to how to configure it to allow the packets coming from the internet after authenticating and to bypass the packets generated from the internal LAN?

I have heard about the freeradius package, but I am not sure whether it will work in my case?

Thanks in advance
 
Old 02-08-2010, 05:33 PM   #2
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,758

Rep: Reputation: 643
If you're accessing it from the one location or from a laptop, you could set up key-based authentication then disable password auth on the target sshd:

Code:
PasswordAuthentication no
PubkeyAuthentication yes
cheers
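
A check for the two settings in the post above, as an added example that is not part of the original post: sshd uses the first value it reads for a keyword, and keyboard-interactive authentication can still take a typed password, so the sketch reports which password paths remain open. The function names and sample configs are constructed for illustration, and the defaults are assumed to be the upstream OpenSSH ones.

```python
# Added example, not from the thread. Defaults are upstream OpenSSH defaults.
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}
# Deprecated name for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_settings(config_text):
    """Global values as sshd reads them: the first value for a keyword wins."""
    settings = dict(DEFAULTS)
    seen = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            break  # Match blocks are conditional; only the global part is checked
        keyword = ALIASES.get(keyword, keyword)
        if keyword in DEFAULTS and keyword not in seen and len(parts) > 1:
            seen.add(keyword)
            settings[keyword] = parts[1].lower()
    return settings


def password_paths(config_text):
    """Enabled methods through which a typed password can still be accepted."""
    settings = effective_settings(config_text)
    names = {"passwordauthentication": "PasswordAuthentication",
             "kbdinteractiveauthentication": "KbdInteractiveAuthentication"}
    return [label for key, label in names.items() if settings[key] != "no"]


# Constructed sample configs (not taken from any real host).
THREAD_ONLY = "PasswordAuthentication no\nPubkeyAuthentication yes\n"
SHADOWED = ("PasswordAuthentication yes\nPasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\n")
HARDENED = THREAD_ONLY + "KbdInteractiveAuthentication no\n"

if __name__ == "__main__":
    for name, text in [("thread", THREAD_ONLY), ("shadowed", SHADOWED),
                       ("hardened", HARDENED)]:
        print(name, password_paths(text))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check.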
 
Old 02-08-2010, 10:19 PM   #3
data1986
LQ Newbie
 
Registered: Feb 2010
Posts: 12

Original Poster
Rep: Reputation: 0
I am trying to access from the internet and it will be accessed by many people from their respective machines!!!!
 
Old 02-08-2010, 11:32 PM   #4
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,758

Rep: Reputation: 643
I don't see the point in adding an extra pc in the way... were you thinking of using 2-factor authentication ?
 
Old 02-09-2010, 06:37 AM   #5
data1986
LQ Newbie
 
Registered: Feb 2010
Posts: 12

Original Poster
Rep: Reputation: 0
What is using 2-factor authentication? If that suits then I can use that!
 
Old 02-09-2010, 03:06 PM   #6
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,758

Rep: Reputation: 643
2-factor authentication is basically requiring 'something you have' and 'something you know' to authenticate. It is commonly implemented by using a one-time-password generating token or fob and combining the number it provides with a pin that you remember.

eg:
pin=1234
token=987654
password=[pin]+[number_from_token] == 1234987654

In this case I'd suggest that it could be overkill for your needs. Probably the simplest way to secure your server would be to enforce password complexity, password aging and password history. You will need to educate the users of the system and emphasise the importance of not writing down their passwords etc.

cheers
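
The `[pin]+[number_from_token]` check described in the post above, as an added example that is not part of the original post: the server verifies the PIN against a salted hash, checks the token part against the current time step, and refuses a token it has already accepted. The thread does not name a token algorithm; time-based OTP (RFC 6238, built on RFC 4226) is assumed here, and the function names, salt and user record are constructed for illustration.

```python
import hashlib
import hmac
import struct

DIGITS, STEP = 6, 30  # assumed token parameters (RFC 6238 defaults)


def hotp(secret, counter):
    """RFC 4226 one-time password for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def hash_pin(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def enroll(pin, secret, salt):
    """Server-side record; last_counter blocks reuse of an accepted token."""
    return {"secret": secret, "salt": salt, "pin_hash": hash_pin(pin, salt),
            "last_counter": -1}


def verify(user, passcode, now, window=1):
    """Check [pin]+[number_from_token]; accept each time step at most once."""
    pin, token = passcode[:-DIGITS], passcode[-DIGITS:]
    pin_ok = hmac.compare_digest(hash_pin(pin, user["salt"]), user["pin_hash"])
    current = int(now) // STEP
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        expected = hotp(user["secret"], counter).encode()
        if counter > user["last_counter"] and hmac.compare_digest(expected, token.encode()):
            matched = counter
    if pin_ok and matched is not None:
        user["last_counter"] = matched
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: RFC 6238 test secret, PIN value from the post above.
    alice = enroll("1234", b"12345678901234567890", b"constructed-salt")
    print(verify(alice, "1234287082", now=59))  # valid PIN + token
    print(verify(alice, "1234287082", now=59))  # same token replayed
```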
 
Old 02-09-2010, 03:20 PM   #7
nuxrl
Member
 
Registered: Jun 2006
Location: NY, USA
Distribution: Slackware, Arch
Posts: 176

Rep: Reputation: 35
You may want to take a look at knockd, a port-knock server:

http://linux.die.net/man/1/knockd
 
Old 02-11-2010, 12:59 AM   #8
data1986
LQ Newbie
 
Registered: Feb 2010
Posts: 12

Original Poster
Rep: Reputation: 0
Thank you all for helping.
Thanks nuxrl.
I got the solution for my problem: it's port knocking.
http://www.zeroflux.org/projects/knock
 
Old 02-11-2010, 08:00 PM   #9
jefro
Guru
 
Registered: Mar 2008
Posts: 11,714

Rep: Reputation: 1439
I'd either setup a VM or real system running something like Untangle or another pre-made distro. That is if I wanted a second system.

Last edited by jefro; 02-12-2010 at 03:05 PM.
 
  

