UFW settings for simple file server
Hi all,
I would like to set the firewall in Ubuntu Server 10.10 up to be very secure but perform these tasks: 1. File server to windows 7 and windows xp machines both over ethernet and wireless via a router. 2. Print server for these 2 machines. 3. Auto backup these 2 machines. So far I have set the server up with a static ip, do the 2 windows machines need static ip's aswell? I don't need remote access to the server, only over the lan. I thought this may be all I needed to do: Code:
$ sudo ufw default deny incoming Thanks for any help, Cheers. |
Quote:
|
Quote:
Rough 60, a couple of things about the subject at hand. First, please keep in mind that in Linux ports are by default closed unless there is an application listening on that port. Consequently, the primary advantage in a firewall is that it acts as a wrapper around your system to catch inadvertent errors and also as a means to prevent outgoing traffic. I mention this because it is a common point of confusion, especially for anyone coming from the Windows domain. You mention that you would like your system to be very secure, which is an excellent objective, and a firewall is certainly a part of that, but there are other factors that will be more important. Second, UFW is an easy way to manage the default firewall in Ubuntu, which is IPTables. If the tool will perform the function you require that is fine, but you should also consider learning how to configure it manually as this will give you a very fine degree of control over the traffic beyond a simple allow/deny on various ports. For example, you can limit the number and rate of connections from a particular IP. |
Quote:
If he's using rsync, then his ACL may allow him to perform backups, although I don't know how granular he can get with UFW (I've used it sporadically but prefer iptables). If he's using, for example, an enterprise tool such as Veritas, or something besides rsync, the rsync allowance won't work for him. |
Thanks guys, I'll probably post a few more Q's soon.
Cheers |
All times are GMT -5. The time now is 03:07 PM. |