Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
3 machines run Windows and only one machine runs Linux (Redhat 9.0). The Linux machine runs samba, ftp and ssh. (I also use it as a desktop machine.) All of these machines are on a DSL connection with a dynamic IP address.
I find it very scary to run my ftp because it was intended for the certain subnets.
How can I use my servers in a more secure way even though I don't have a static IP? And with samba, how do I make it possible for people in my house to browse my shares on Linux?
You didn't really say what your network topology is, but I'm assuming that you have a DSL modem, and 4 computers all plugged into a hub or switch, and there's no router.
I posted in Linux Software (I think, or newbie) about how to set up your smb.conf file, there's an example one there that should not need much tweaking for your setup. If you want to secure your network using the hardware you have, you should buy a second NIC for the Linux box, and configure iptables and IP masquerading on it... there are a bunch of example scripts floating around this forum. Anyway basically once you have the second NIC installed, set up the connection like this:
then the rest of the puters off the hub. Configure iptables to only allow ftp, ssh and whatever from your internal LAN IP range. DHCP and PPPoE should not be a problem, but I've only set up DSL on OpenBSD. Also you could run dhcpd on the internal interface of the Linux box so that you can essentially plug any computer into the network and have internet access for it.
HTH, if you're more specific with your problems it's easier to give you specific advice.
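One way to write the ruleset the reply above describes (second NIC, masquerading, ftp/ssh/Samba reachable only from the internal LAN), as an added example that is not part of the original thread. The interface names `ppp0` and `eth1`, the range `192.168.1.0/24` and the function name `gen_rules` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a dual-homed Linux gateway.
# Assumed, not from the thread: WAN=ppp0 (PPPoE), LAN=eth1, LAN range 192.168.1.0/24.

gen_rules() {
    wan=$1 lan=$2 net=$3
    # Refuse obviously wrong input so a typo cannot expose services on the WAN side.
    case "$net" in
        */*) ;;
        *) echo "LAN range must be CIDR, e.g. 192.168.1.0/24" >&2; return 1 ;;
    esac
    [ "$wan" != "$lan" ] || { echo "WAN and LAN interface must differ" >&2; return 1; }

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# MASQUERADE uses whatever address the ISP currently assigns, so a dynamic IP is fine.
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ftp control, ssh and Samba: only on the LAN interface and only from the LAN range.
# FTP data connections match RELATED only if the FTP conntrack helper module is loaded.
-A INPUT -i $lan -s $net -p tcp -m multiport --dports 21,22,139,445 -j ACCEPT
-A INPUT -i $lan -s $net -p udp -m multiport --dports 137,138 -j ACCEPT
# LAN clients may open connections outward; only replies are forwarded back in.
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when called with three arguments: WAN-if LAN-if LAN-CIDR.
if [ "$#" -eq 3 ]; then gen_rules "$@"; fi
```

To apply it, pipe the output into `iptables-restore` as root and enable forwarding with `echo 1 > /proc/sys/net/ipv4/ip_forward`.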
Not without securing each individual box. And with 3 winxp boxen you are not going to have an easy, or satisfying, ride. I would highly recommend real electrical separation from the internet, with a non-M$ OS for firewalling (http://www.openbsd.org).