
Re: nfs and firewall



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 2 Sep 2000, Carel Fellinger wrote:

> Hai,
> 
> I'm trying to secure my system, I ran pmfirewall and some tests.
> It seems that rpc.mountd still listens on port 1024 even on the
> outgoing ethernet.
> 
> I am trying hard to read up on this subject, but for the time being
> I would feel much better if I were able to shut off *all* services
> from this machine to the hostile internet. So if some kind soul
> could shed some light onto this, I would be much obliged:)
> 
> My setup is a firewall and several local machines on a local net,
> the firewall doing masquerading and firewalling. For ease of upgrading
> I want the firewall to be able to mount a debian mirror on another
> local machine. In the end I also think of letting the firewall machine
> act as a local mail and news server (is that deemed secure?).

You can find a lot of information on how to set up firewalls in the
IPCHAINS-HOWTO. You can find that document at http://www.linuxdoc.org/.

Using the firewall as a mail and news server is extremely dangerous. The
best firewall would be a dedicated machine which ONLY acts as a
firewall and does nothing more. I think any company that's a little bit
nervous about security should afford that.
It seems to me that you are very new to IP security. I'd strongly advise
you to buy external support or read lots of related books, e. g. "Building
Internet Firewalls 2nd Edition" by O'Reilly to gain the basic 
skills. Otherwise it's very likely that you'll get cracked. ;-)
Another solution would be to buy a preconfigured firewall like those Nokia
and Cisco PIX routers. It's easier to set these up if you don't know what
you're really doing. But basic knowledge about TCP/IP networking and
security is a must, even with those easy to use products.


Just my $0.02
  Sebastian

email: sebastian.ritter@web.de      gpg: 0A17B8EC      icq: 86831140
Key fingerprint = C693 9161 F596 6333 C22D  1BCC F385 A303 0A17 B8EC

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5sc0K84WjAwoXuOwRAhm6AKDBPXHoGnU3vUjBc3QoW8MBCS1+twCgvK4z
g783LbGtdjrUKRZjgMnF7ic=
=Jo4j
-----END PGP SIGNATURE-----


