Re: Booting up and security
A long time ago, in a galaxy far, far away, someone said...
> Having made the move to potato and 2.2.13, my server is now a source of joy.
> One small question...to get things to start I've been adding them to
> /etc/init.d/network along the lines of...
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
Move this to the end. As it is now, there is a small window between
forwarding being enabled and people getting what they're not supposed to.
> ipchains -P forward DENY
> ipchains -A forward -s 10.0.0.0/255.255.255.0 -j MASQ
> ifconfig eth1 10.0.0.25 netmask 255.255.255.9 broadcast 10.0.0.255
> route add -net 10.0.0.0 dev eth1
This isn't needed with a 2.2 kernel - it's done automatically when
'ifconfig' is run.
> fetchmail -d 300
>
> Is there a better way to start a second NIC, IP masquerading and fetchmail?
I've hacked up a set of shell scripts that make setting up additional NICs
easy (I think so, at least). Let me know if you want it - total size of
the tarball would be less than 1k.
> Does this look like a secure setup?
For the most part - as part of IP masq, you also have firewalling in the
kernel. I suggest you make use of it.
--
----------------------------------------------------------------------
Phil Brutsche pbrutsch@creighton.edu
"There are two things that are infinite; Human stupidity and the
universe. And I'm not sure about the universe." - Albert Einstein
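
The start-up order suggested in the reply above, as an added example that is not part of the original message: forwarding is switched on only as the very last step, and only if every earlier step succeeded. The names DRY_RUN, run, set_forwarding and setup_gateway are hypothetical, and the netmask 255.255.255.0 is an assumption taken from the MASQ rule.

```shell
#!/bin/sh
# Added example, not from the original post.
# DRY_RUN=1 (the default) only prints the commands; DRY_RUN=0 runs them as root.
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Write 0 or 1 to the kernel's IPv4 forwarding switch.
set_forwarding() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "echo $1 > /proc/sys/net/ipv4/ip_forward"
    else
        echo "$1" > /proc/sys/net/ipv4/ip_forward
    fi
}

setup_gateway() {
    # Added precaution: make sure forwarding is off while the rules load.
    set_forwarding 0 || return 1

    # Default-deny first, then the single masquerading exception.
    run ipchains -P forward DENY || return 1
    run ipchains -A forward -s 10.0.0.0/255.255.255.0 -j MASQ || return 1

    # Netmask 255.255.255.0 is assumed here (it matches the MASQ rule).
    run ifconfig eth1 10.0.0.25 netmask 255.255.255.0 broadcast 10.0.0.255 || return 1
    # No 'route add -net 10.0.0.0 dev eth1': per the reply, a 2.2 kernel
    # adds that route automatically when ifconfig runs.

    run fetchmail -d 300 || return 1

    # Last step: any failure above returns early and leaves forwarding off.
    set_forwarding 1
}

setup_gateway
```

In the default dry-run mode the script prints the commands in the order they would run, so the ordering can be checked before anything touches the firewall.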