Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 04-18-2002, 10:19 AM   #1
Registered: Aug 2001
Location: Lansing, Michigan
Distribution: slackware8+
Posts: 472

Rep: Reputation: 30
additional firewall measures

hello all... i'm seeking a little advice with my firewall. currently, it's a pretty basic setup. two nics, one connected to my cable, the other to my internal network. i use IP masqing to forward client requests to the internet.

i've closed down all ports that i believe to be unused, and only leave 80, 25, 110, 22, and 23 open.

now, i've heard about others who've setup their firewalls so all their binaries are NFS mounted, meaning a hacker would not be able to do much if he/she gained access to my firewall. so my question is, how do i go about setting something like that up? which binaries are the most critical to move, and which should i leave for system functionality, etc.

any and all help is appreciated! :-)
Old 04-18-2002, 11:09 AM   #2
Senior Member
Registered: Dec 2001
Location: The Netherlands
Distribution: Ubuntu
Posts: 1,316

Rep: Reputation: 47
Yeah it's possible but you are creating a second point of failure. If something happens to the nfs server your firewall will no longer work.
I think you would be better off making all your files immutable and mount all the partitions read only, except the ones that need to be written too. Usually mounting /tmp and /var as writeable should be enough.
You could also look into building a cd image of your firewall system. Then everything again would be read only the only problem is you would have to burn a new cd everytime you want to update an application which hopefully won't be very often.
Just my opinion though using NFS might be a very good solution too. You should have placed this question in the security forum. I'm sure there are experts there that could help you better than I can.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
linux kernel panic measures mimithebrain Linux - General 2 11-03-2005 08:00 PM
addtl security measures slug420 Linux - Security 1 06-10-2005 07:45 PM
Additional Programs... caps_phisto Fedora - Installation 1 12-03-2004 05:44 PM
Additional Partitions SkylerS Linux - Newbie 6 05-16-2004 06:49 PM
Measures for accident!? Rex_chaos Linux - General 1 09-25-2001 01:12 PM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:07 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration