Do allow port 22 for ssh, but don’t enable the ssh service until its needed, or you will have intruders trying passwords to break in.
Look thru the logs every once in a while... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andre Bunting Sent: Tuesday, November 20, 2007 1:23 PM To: [email protected] Subject: Re: [Efw-user] Port forwarding for external access to a web application I know that i should put my application server onto the orange.. but my app does run well since it needs access to some systems that run on my green.. Thanks for the help... is there anything else i should be aware of ? On Nov 20, 2007 3:36 PM, Scott Silva <[EMAIL PROTECTED]> wrote: > on 11/20/2007 11:17 AM Andre Bunting spake the following: > > > ok.. Endian has been runing well for the last few months.. now this is > > where i hve reached.. > > > > questions: > > 1)Can i setup Endian to allow me to access it remotely and change > > configuration settings. > > > > 2)How can i setup port forwarding to allow external traffic to one of > > my application servers that is on the GREEN network? (read up a bit on > > this.. but jsut need some carification on it) > > > > 3)how easy is it to upgrade from one verison of endian to a new release ? > > > > thanks a mil guys and gals. > > > 1)You can open external access to tcp port 10443 for the web gui and tcp port > 222 for ssh. It is a security risk. > > 2) You forward from a port on the red interface to an ip and port on the green > or orange in the same way. But having a dmz (orange) is safer than forwarding > to green > > 3) AFAIK you need to backup the old version from the gui and install the new > version and restore the backup. They didn't make it very easy as they want you > to buy the commercial version. The commercial version I believe has > incremental updates and an install system like apt or yum. > You could always have 2 identical boxes and swap them as new versions come > out, or just have the system down for a short period of time. Updates to new > versions aren't that frequent. > > Sometimes if the update is a minor version (like 2.1.1 to 2.1.2) you can > figure out what rpm's have changed and install them directly from shell, but > it is not guaranteed to work. > > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Efw-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/efw-user > -- With Jah Jah Anything is Possible ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Efw-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/efw-user No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.1/1141 - Release Date: 11/20/2007 11:34 AM No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.1/1141 - Release Date: 11/20/2007 11:34 AM ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Efw-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/efw-user
