Quote:
Originally Posted by BAcidEvil
Long story then;
Instead of me using Port Forward for every little port I want enabled such as http, 113, (sshd port) so on and so forth in my Router, could I not just give all access (isn't that what DMZ is or am I misunderstanding) and then do the blocking of ports on the Linux box?
Assuming you don't have to open more than a handful of ports, it wouldn't be too difficult just to open the ports on both router and Slackware machine. Let the router forward them to Slack and have netfilter/iptables on Slack handle the filtering. If these ports are just for your own use and not for the public you could instead set up OpenVPN on Slack and have just UDP 1194 forwarded from the router to Slack; then you would access the services (ssh, http, imap, etc.) as if they were on a LAN, with no port forwarding or filtering other than UDP 1194 for OpenVPN required.
If you have a DMZ port on your router, and you are offering web and other services to the public, you should attach your public-facing server to the DMZ. This should really be a different machine, and not your everyday Slackware workstation; leave that connected to the LAN port on your router and don't allow public connections to it, unless you want SSH or OpenVPN.
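An added illustration of the "forward on the router, filter on Slack" setup described in the reply above (not code from the thread): a shell function that emits an `iptables-restore` ruleset with a default-drop INPUT policy that accepts only the listed ports. The function name `gen_ruleset` and its `proto/port` argument format are assumptions of this example; 113 and UDP 1194 come from the thread, and 22 and 80 are the standard ssh and http ports.

```shell
#!/bin/sh
# Added example: generate a default-drop netfilter ruleset for the host.
# Arguments are proto/port specs, e.g. tcp/22 tcp/80 tcp/113,
# or only udp/1194 when every service is reached through OpenVPN.

gen_ruleset() {
    # Validate every spec first so a typo never yields a partial ruleset.
    for spec in "$@"; do
        proto=${spec%%/*}
        port=${spec#*/}
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in '$spec'" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*|??????*) echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$spec'" >&2; return 1
        fi
    done

    # Base policy: drop inbound and forwarded traffic, allow loopback
    # and replies to connections this machine started.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    # One accept rule per port that the router forwards to this machine.
    for spec in "$@"; do
        printf '%s\n' "-A INPUT -p ${spec%%/*} --dport ${spec#*/} -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo COMMIT
}

# Stand-alone use: ./gen_ruleset.sh tcp/22 tcp/80 tcp/113
if [ "$#" -gt 0 ]; then
    gen_ruleset "$@"
fi
```

The output can be checked with `iptables-restore --test` before it is loaded as root with `iptables-restore`.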