Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

06-03-2003, 09:34 PM
#1
LQ Newbie
Registered: Jun 2003
Posts: 4
Firewall/Router, building my own server, plz review list
I have been experimenting with Linux distros that act as routers and firewalls. The best one I've found is ClarkConnect (supports SCSI), but I'd like to build my own. I downloaded the Mandrake 9.1 ISOs and started compiling a list of things I'd need. Basically, my setup is a server with 2 NICs: one to the outside world and one to my network (10.0.0.*). I want the server to act as a firewall and route, web server, etc. These are the packages I've come up with so far. I will need to run NAT obviously, as I only have one IP.
iptables - I can do port forwarding and open up incoming ports, right?
ipmasquerading (do I need both iptables and ipmasquerading?)
apache
webalizer/awstats--any recommendations to which one??
webmin
SSH
ProFTP
Samba
I'm also going to be running a NetWare 6.5 server to do:
DNS/DHCP
iFolder
Netstorage
iManager
iPrint
And then I'm going to build a W2K server to run my webcam. I use a program called webcamxp (for those of you who don't use it, you should, it's awesome) to host my cam.
Is Mandrake 9.1 my best bet in this endeavor? Please let me know, I appreciate everyone's help. Thanks in advance!

06-03-2003, 09:40 PM
#2
LQ Newbie
Registered: Jun 2003
Posts: 4
Original Poster
Just thought I'd add... I'm also running GroupWise 6.5 on the NetWare box...

06-03-2003, 10:32 PM
#3
LQ Guru
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280
No, you don't need ipmasquerading if you have iptables installed. To NAT with iptables you do something like the following:
iptables -A POSTROUTING -t nat -s $LAN -d ! $LAN -j SNAT --to $WAN_IP
where $LAN = 10.0.0.0/24, ! $LAN is the internet in your case and $WAN_IP is the IP address given to you by your ISP. If your IP isn't static, then you simply change the end to:
-j MASQUERADE
Everything before the -j can stay the same.
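
The SNAT-versus-MASQUERADE choice from post #3, as an added example that is not part of any post in this thread: a shell function that prints an iptables-restore ruleset for the 10.0.0.0/24 LAN, using SNAT when a static WAN address is given and MASQUERADE otherwise, with forwarding limited to LAN-initiated traffic. The function names, the interface names eth0/eth1 and the address 203.0.113.10 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: nat_ruleset(), is_ipv4(),
# eth0 = WAN side, eth1 = LAN side; 203.0.113.10 is a constructed sample address.

is_ipv4() {  # true for a dotted quad whose octets are all 0-255
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(echo "$1" | tr '.' ' '); do
        [ "$o" -le 255 ] || return 1
    done
}

# nat_ruleset LAN_CIDR WAN_IF LAN_IF [WAN_IP]
# Prints an iptables-restore ruleset; nothing is applied to the running system.
#   WAN_IP given   (static address)  -> SNAT --to-source WAN_IP
#   WAN_IP omitted (dynamic address) -> MASQUERADE
nat_ruleset() {
    lan=$1 wan_if=$2 lan_if=$3 wan_ip=${4:-}
    is_ipv4 "${lan%/*}" || { echo "bad LAN network: $lan" >&2; return 1; }
    case ${lan#*/} in
        ''|*[!0-9]*) echo "bad prefix length: $lan" >&2; return 1 ;;
    esac
    [ "${lan#*/}" -le 32 ] || { echo "bad prefix length: $lan" >&2; return 1; }
    if [ -n "$wan_ip" ]; then
        is_ipv4 "$wan_ip" || { echo "bad WAN address: $wan_ip" >&2; return 1; }
        target="SNAT --to-source $wan_ip"
    else
        target="MASQUERADE"
    fi
    # Newer iptables releases expect the '!' before -d rather than after it.
    # FORWARD defaults to DROP so that enabling NAT does not also open the LAN:
    # only LAN-initiated traffic and its replies are forwarded.
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan ! -d $lan -o $wan_if -j $target
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $lan_if -o $wan_if -s $lan -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

nat_ruleset 10.0.0.0/24 eth0 eth1 203.0.113.10   # static WAN address: SNAT
nat_ruleset 10.0.0.0/24 eth0 eth1                # dynamic WAN address: MASQUERADE
```

As root, the printed ruleset can be checked with `iptables-restore --test` before it is loaded.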

06-03-2003, 10:35 PM
#4
LQ Guru
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280
Also, I'd recommend against straight FTP. I'd make all file transfers and remote logins secure by doing it all over SSH. If you have sshd running you can use scp (Windows machines can use WinSCP) or sftp (Windows machines can use the SSH option when doing FTP and connect to port 22 on your FTP server).

06-03-2003, 11:16 PM
#5
LQ Newbie
Registered: May 2003
Posts: 27
You may also want SQL databases; MySQL works a treat.

06-05-2003, 03:17 PM
#6
LQ Newbie
Registered: Jun 2003
Posts: 4
Original Poster
I don't have any need for SQL, but about FTP... I decided not to even use it at all. I can use iFolder instead. With concerns about being hacked, who knows how to hack any Novell products anyways... I have been reading about iptables, it's pretty confusing. Does anyone have any links to basic guides/how-to's? I'm a NetWare person, I'm new to the Linux world, this stuff is somewhat confusing to me. Thanks again.

06-06-2003, 05:23 AM
#7
Moderator
Registered: May 2001
Posts: 29,417
"I have been reading about iptables, it's pretty confusing. Does anyone have any links to basic guides/how-to's"
Check out the LQ FAQ: Security references, post #2.

All times are GMT -5.