Port forwarding OpenSSH: firewalled box open to non-ssh exploits?
I'm reading up on everything I can lay my eyes on with regards to setting up
a masquerading firewall. I have a 486 that I use solely for doing
masq+firewall, and plan to lock down all ports below 1024 except for a few
like ftp (from inside to the world, not the other way), and OpenSSH.
For ssh, I'm concerned that the 486 can't handle the encryption/decryption of
ssh in a timely manner and still let my wife play Everquest through the
firewall. So I'm thinking that I'll just have it forward any connections
coming in for ssh to my "everything" server box (dual celeron), which will
be running the sshd.
My question is simple: will forwarding that one port...
1. Work at all? sshd should respond to the incoming connection on a port
above 1023, right?
2. Open up my server to exploits of other services running on it (samba, nfs,
apache, etc...)? Since the packets are going to be allowed on to my private
network, will that expose me to attacks that somehow ride in over the forwarded
sshd port?
Thanks in advance. While the concept of firewalls isn't new to me, I've
never known how to really lock my system down so that it could be on 24/7
and not be left wide open to script kiddies. Hopefully the howtos, man
pages, and responses on this list will help me keep the hordes at bay.
FYI: The firewall is a 486 running potato, with latest security patches
fetched once a day. Server is a dual celeron running testing, with everything
but X and the kitchen sink installed; if it's neat and I plan on playing with
it, it's installed.
--
Did you know that if you play a Windows 2000 cd backwards, you
will hear the voice of Satan?
That's nothing! If you play it forward, it'll install Windows 2000.
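As an added illustration of the setup asked about (not part of the original post), here is a minimal masquerading ruleset that forwards only TCP/22 from the outside to the internal sshd host, so the other services on that host are never reachable through the forward. It assumes a 2.4-series kernel with iptables and constructed addresses: external interface eth0, internal eth1, LAN 192.168.1.0/24, ssh server 192.168.1.10.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names and addresses
# below are constructed assumptions; adjust them to the real network.
# Run as root to apply; set DRY_RUN=1 to print the rules instead of applying.
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}
SSH_HOST=${SSH_HOST:-192.168.1.10}

# Wrapper: run iptables, or echo the command line in dry-run mode.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_rules() {
    # Default deny for forwarded traffic: nothing crosses the box unless a
    # rule below admits it.
    ipt -P FORWARD DROP
    ipt -F FORWARD
    ipt -t nat -F

    # Masquerade the LAN behind the firewall's external address.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE

    # Rewrite inbound TCP/22 arriving on the external interface to the sshd host.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 22 \
        -j DNAT --to-destination "$SSH_HOST":22

    # Replies and related packets for connections the LAN started.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT

    # The only NEW connections allowed in from outside: TCP/22 to the sshd host.
    # Samba, NFS, Apache on that host stay unreachable because no rule admits them.
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$SSH_HOST" --dport 22 \
        -m state --state NEW -j ACCEPT
}

# Stand-alone use: print the rules without touching the kernel when DRY_RUN=1.
if [ "${DRY_RUN:-0}" = 1 ]; then apply_rules; fi
```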