On Fri, Apr 06, 2001 at 11:52:29PM -0500, Vinh Truong wrote:
> * Jean-Marc Boursot <[EMAIL PROTECTED]> [010406 21:09]:
> > They allow telnet and not ssh? Nice!
>
> yeah, afraid of the port-forwarding capabilities in ssh. i can see
> their point but i'm just as leery of clear-text transmission. oh, well.
>

Port forwarding works in ssh no matter what door you run it on. For instance:

ssh -p 666

That's what I do when upgrading a remote machine's ssh server.

> > So you can turn it off.
>
> should have thought of that myself. :)
>

Better yet, remove it.

> > What about portmap? You can turn it off too and filter port 25 if
> > you have a mail daemon running. In fact, you can drop all external tcp
> > connections to ports below 1024 (except 23), and drop all SYN
> > connections to ports above 1024. You can also filter ICMP. Check
> > gShield (http://linuxmafia.org/~godot/gshield.html): it has very
> > restrictive rules.
>
> i've already disabled portmap and mail daemon too. i guess i should look
> into setting up a firewall on my debian box. i already have iptables
> installed. just need to recompile my kernel to support it. i just keep
> thinking that it's overkill to have my hw firewall and then another
> firewall set up in software on my box.
>

It is not. But if in doubt, trash your hw firewall and keep the iptables one :)

> thanks for the advice,
> vinh
>

--
Jose Celestino <[EMAIL PROTECTED]>
--------------------------------------------------------------
"Every morning I read the obituaries; if my name's not there, I go to work."
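
The filtering policy quoted in the thread (external TCP to ports below 1024 dropped except 23, SYN packets to high ports dropped, ICMP filtered), written out as an iptables-restore ruleset. This is an added example, not part of the original messages and not gShield's rules; the interface name eth0, the loopback rule, putting port 1024 itself in the high range, and the ICMP types let through are assumptions.

```shell
#!/bin/sh
# Added example: prints the ruleset, it does not load it.
# EXT_IF is an assumed name for the external interface.
EXT_IF="${EXT_IF:-eth0}"

ruleset() {
cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# local traffic is never filtered (assumption, not stated in the thread)
-A INPUT -i lo -j ACCEPT
# telnet is the one low port left reachable; this rule must come first
-A INPUT -i $EXT_IF -p tcp --dport 23 -j ACCEPT
# every other external TCP packet to a port below 1024 is dropped
-A INPUT -i $EXT_IF -p tcp --dport 0:1023 -j DROP
# high ports: only connection attempts (SYN set, ACK and RST clear) are
# dropped, so replies to connections opened from this box still get in
-A INPUT -i $EXT_IF -p tcp --syn --dport 1024:65535 -j DROP
# ICMP: keep the error messages TCP relies on plus ping replies,
# drop the rest (the choice of types is an assumption)
-A INPUT -i $EXT_IF -p icmp --icmp-type destination-unreachable -j ACCEPT
-A INPUT -i $EXT_IF -p icmp --icmp-type time-exceeded -j ACCEPT
-A INPUT -i $EXT_IF -p icmp --icmp-type echo-reply -j ACCEPT
-A INPUT -i $EXT_IF -p icmp -j DROP
COMMIT
EOF
}

# Print the rules only when asked, so sourcing this file has no effect.
if [ "${1:-}" = "print" ]; then
    ruleset
fi
```

Running the script with `print` and piping the output to `iptables-restore --test` as root parses the rules without loading them. UDP is left to the INPUT policy because the quoted advice only covers TCP and ICMP.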