Re: Firewall with iptables and forwarding
On Fri, 2003-06-27 at 04:48, Linux wrote:
> Hi
>
> Have anybody a good recommendation for an easy to use firewall with port
> forwarding ?
>
> I got a home network with a dedicated (Debian of course) firewall box with
> ADSL connected, and ipmasq package installed.
>
> My problem is that I don't know HOW I should put in the various rules in
> ipmasq => Which makes me look for something simpler or some examples or tips.
>
> What I want to do is open up for incoming mail and http to be able to access
> my mailserver and internal webserver from internet, but not necessarily on
> the standard ports but some other ones.
>
> Any suggestions or recommendations ?
>
> --Robert

Try bastille. It's quite easy, even has a GUI.

Kenneth
Re: configure ssh-access
[EMAIL PROTECTED] wrote:
> Hi!
>
> I want to make ssh-access possible only from a restricted number of hosts -
> those that are named in /etc/hosts.allow. Users who want to login have a
> DynDNS host-name that shall be listed in hosts.allow to make it possible for
> users with a dial-up internet connection, too.
>
> BUT: The problem is that I can only login to the ssh-machine when I enter the
> IP-address to the hosts.allow file. Specifying the host's DNS-name does not
> work!
>
> AND: I'd prefer to specify the rules for logging into the machine in the
> sshd_config-file, not in hosts.allow/deny. But the
> AllowHosts/DenyHosts-options that could be used in /etc/sshd_config earlier
> seem to be not any longer available at the SSH-version I'm using. It's:
> openssh-3.4p1-80 on a SuSE 8.1
>
> Has anybody ideas on these 2 problems?
>
> thx in advance,
> Klaus

Hi.

I use this line:

    auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ssh.deny.login onerr=succeed

in /etc/pam.d/ssh

I then restrict users from logging in, which I define in ssh.deny.login.

Maybe you can tweak a bit and have a script getting updated IP addresses for your hosts? I don't know if pam can make use of it, just a suggestion.

Kenneth
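The script suggested in the reply above, sketched as an added example that is not part of the original thread: it resolves each DynDNS name and rewrites a marked `sshd:` block in hosts.allow so the file only ever holds IP addresses. The marker strings, function names and the host-list path are assumptions; the lookup uses `getent ahostsv4`.

```shell
#!/bin/sh
# Added example: rebuild a marked "sshd:" block in hosts.allow from DynDNS names.
# Marker text, function names and file paths are assumptions for illustration.
BEGIN_MARK="# BEGIN dyndns-sshd"
END_MARK="# END dyndns-sshd"

# Resolve one host name to its first IPv4 address (prints nothing on failure).
resolve_host() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# Accept only dotted-quad shaped values so a bad lookup never reaches the file.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Read host names from stdin (one per line, "#" comments allowed), print the block.
# hosts.allow only treats "#" as a comment at line start, so names get their own line.
render_block() {
    echo "$BEGIN_MARK"
    while read -r name rest; do
        case "$name" in ''|'#'*) continue ;; esac
        ip=$(resolve_host "$name") || ip=""
        if is_ipv4 "$ip"; then
            echo "# $name"
            echo "sshd: $ip"
        else
            echo "# unresolved: $name"
        fi
    done
    echo "$END_MARK"
}

# update_allow LIST FILE: drop the old marked block from FILE, append a fresh one.
update_allow() {
    tmp=$(mktemp "$2.XXXXXX") || return 1
    {
        awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
            $0 == b { skip = 1; next }
            $0 == e { skip = 0; next }
            !skip' "$2" &&
        render_block < "$1"
    } > "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$2" && return 0
    rm -f "$tmp"
    return 1
}

# Run from cron as: script /etc/ssh-dyndns.hosts /etc/hosts.allow
if [ "$#" -eq 2 ]; then update_allow "$1" "$2"; fi
```

The block restricts access only when /etc/hosts.deny also carries `sshd: ALL`; without that line, hosts not listed in hosts.allow are still admitted.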
logcheck question
Hi.

I am running stable and just installed logcheck. I get this mail:

    run-parts: component /etc/cron.d/logcheck is not an executable plain file

In /etc/cron.d/ I have this:

    -rw-r--r-- 1 root root 147 Feb 21 2002 logcheck

The contents of the file:

    [EMAIL PROTECTED]:/etc/cron.d$ cat logcheck
    @reboot root test -x /usr/sbin/logcheck && nice -n10 /usr/sbin/logcheck
    2 * * * * root test -x /usr/sbin/logcheck && nice -n10 /usr/sbin/logcheck
    [EMAIL PROTECTED]:/etc/cron.d$

I am used to just installing a package and it works. Can someone enlighten me as to what's wrong?

Kenneth