LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-18-2002, 10:19 AM   #1
Syncrm
Member
 
Registered: Aug 2001
Location: Lansing, Michigan
Distribution: slackware8+
Posts: 472

Rep: Reputation: 30
additional firewall measures


hello all... i'm seeking a little advice with my firewall. currently, it's a pretty basic setup. two nics, one connected to my cable, the other to my internal network. i use IP masqing to forward client requests to the internet.

i've closed down all ports that i believe to be unused, and only leave 80, 25, 110, 22, and 23 open.

now, i've heard about others who've setup their firewalls so all their binaries are NFS mounted, meaning a hacker would not be able to do much if he/she gained access to my firewall. so my question is, how do i go about setting something like that up? which binaries are the most critical to move, and which should i leave for system functionality, etc.

any and all help is appreciated! :-)
 
Old 04-18-2002, 11:09 AM   #2
Mik
Senior Member
 
Registered: Dec 2001
Location: The Netherlands
Distribution: Ubuntu
Posts: 1,316

Rep: Reputation: 47
Yeah it's possible but you are creating a second point of failure. If something happens to the nfs server your firewall will no longer work.
I think you would be better off making all your files immutable and mount all the partitions read only, except the ones that need to be written too. Usually mounting /tmp and /var as writeable should be enough.
You could also look into building a cd image of your firewall system. Then everything again would be read only the only problem is you would have to burn a new cd everytime you want to update an application which hopefully won't be very often.
Just my opinion though using NFS might be a very good solution too. You should have placed this question in the security forum. I'm sure there are experts there that could help you better than I can.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
linux kernel panic measures mimithebrain Linux - General 2 11-03-2005 08:00 PM
addtl security measures slug420 Linux - Security 1 06-10-2005 07:45 PM
Additional Programs... caps_phisto Fedora - Installation 1 12-03-2004 05:44 PM
Additional Partitions SkylerS Linux - Newbie 6 05-16-2004 06:49 PM
Measures for accident!? Rex_chaos Linux - General 1 09-25-2001 01:12 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:07 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration