Right, I'm in the process of setting up a small lamp server for my final year uni project, obviously
security is important as I don't want anyone breaking in and ruining the machine whilst my work is on
there!!
I didn't know whether to place this question in the networking or security questions so if anyone feels it
belongs elsewhere please move it
Right here we go!
I have the lamp services basically set up. The server is connected to a wireless router, there are two
windows boxes also connected to the wireless router. The router is connected to the net through 512kb bb.
Now, first of all I only want one machine to be able to connect via ssh at the moment (there will be
another shortly) this is one of the windows boxes which is on a 192.168.0. address. I have edited the
hosts.allow file with the following
sshd:192.168.0.2
However it is still allowing access from other local machines on the network. It was at this point I've
decided to ask all of the following questions at once and one answer might have an impact on later
questions!
This is essentially what I'm after :
- Only one local machine .2 should be allowed to SSH to the machine.
- From this SSH session the user should be able to use mysql client, edit dbs etc.
- The apache directory needs to be viewable externally through the internet e.g. on the other side of the
router. EDIT : Also ideally the server should have it's own static IP address (I've got one spare) so I
understand that port forwarding will need to be setup on the router, what I'm puzzled about is how I can
get the server to have a static address e.g. 81.123.45.6 when it's behind the router which has it's own
external ip! e.g. another 81.123.45.6
- It is likely that one other machine will be allowed to use SSH, but this will be external (e.g. through
the internet)
As i've mentioned before i need this to be as secure as possible. The system is running SUSE 9.1 on a
minimum install.
Any help is appreciated!