Let me explaint the situation here: I've got: 1 server running debian 2 P3 machines dualbooted with Windoze XP and Debian
on a network, that's why I'm using NAT. On the server I'm running Apache, samba, squid and proftp. Squid and samba are for internal use only. I'm logging in by SSH from everywhere it's possible, so that's why the SSH port is open. I've got some customers who use webspache, that's why I'm using apache and proftp. Hope this is enough information HTH, Willem-Jan Meijer <-- Alle inkomende en uitgaande e-mail worden gescand op virussen --> <-- All incoming and outgoing e-mail is scanned for virusses --> -----Oorspronkelijk bericht----- Van: Nathan E Norman [mailto:[EMAIL PROTECTED] Verzonden: vrijdag 21 februari 2003 22:55 Aan: Debian Onderwerp: Re: Gibraltar, apache and samba at the same machine On Fri, Feb 21, 2003 at 02:21:10AM -0800, Paul Johnson wrote: > On Thu, Feb 20, 2003 at 11:45:33AM -0600, Nathan E Norman wrote: > > gibraltar is not what you want. Install the "ipmasq" package. > > Well, if we're talking only a single computer altogether, then making > sure you don't have any services that aren't being used installed, and > make sure the ones that are being used are both properly configured > and patched in an intelligent manner should really cover your bases. > If it's a home box with no services to the outside world, you can > pretty much remove all services but the MTA, reconfigure the MTA to > not listen outside of localhost and learn a little iptables to close > everything off that isn't originating from the box or related to an > existing connection. Agreed. However, the script this guy posted indicated he was doing NAT (though it's still not clear to me that it's needed :-) which is why I mentioned the ipmasq package. It's not perfect but IMO it's a good starting point for newbies. -- Nathan Norman - Incanus Networking mailto:[EMAIL PROTECTED] People demand freedom of speech to make up for the freedom of thought which they avoid. -- Soren Aabye Kierkegaard -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
