Suresh Ramasubramanian spewed into the ether:
>> I suppose a firewall on RedHat 6.2 should be ok for this kind of
>> connection. And, how can I go for a static IP ?
>
>OK - here's a _very short_ howto on this
>
>1. Do a custom install - and DON'T INSTALL X WINDOWS / LINUXCONF.
>Leave only a skeleton set of services running here.
What do you mean skeleton? The only thing running on this machine
should be sshd.
>2. Upgrade nearly everything on that box (or install something like
If you need an FTP server, go for Proftpd1.2rc3 (I'm sure Binand will
recommend the OpenBSD port, but I have no experience with that).
Do not even install wu-ftpd. Do not install the telnet daemon.
>3. Chroot a few packages such as Bind and POP3
Actually, as many as you can.
Recompile your kernel with the ACL patches (if you know what you are doing).
>4. Use ipchains to restrict / block access to ports / services.
Don't forget to set a default policy of DENY in
/etc/rc.d/init.d/network before bringing up any cards.
>called GShield. Use it (and something like Bastille as well). To
IIRC that needs GNOME. The reference "Building Internet Firewalls" from
O'Reilly should help a lot.
Remember to use the -l flag for ipchains a lot.
To parse your logs, use logcheck. It's a very useful shell script.
And if you aren't running a webserver/mailserver on that machine/behind it, just deny
all incoming direct connections.
Devdas Bhagat
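
The ipchains advice in the reply above (default DENY policy set before the interfaces come up, `-l` logging, sshd as the only listener), as an added example that is not part of the original post. The `SSH_PORT` and `APPLY` variables, the function names, the loopback rule and the rule order are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: a default-DENY ipchains input
# chain that admits only inbound sshd and logs every packet it drops.
# SSH_PORT, APPLY and the function names are assumptions for illustration.

SSH_PORT="${SSH_PORT:-22}"

# Print the rule set, one ipchains invocation per line, in load order.
fw_rules() {
    cat <<EOF
ipchains -P input DENY
ipchains -P forward DENY
ipchains -F input
ipchains -F forward
ipchains -A input -i lo -j ACCEPT
ipchains -A input -p tcp -d 0/0 $SSH_PORT -j ACCEPT
ipchains -A input -p tcp ! -y -j ACCEPT
ipchains -A input -j DENY -l
EOF
}
# Notes on the rules above:
#  - The policies are set first, so nothing is accepted while rules load.
#  - ipchains is stateless: "! -y" admits non-SYN TCP only, which lets
#    replies to outbound connections back in without allowing new inbound ones.
#  - The final rule duplicates the policy so that "-l" logs each drop to
#    syslog, where logcheck can pick it up.
#  - No UDP is admitted; add a rule for your resolver if the box needs DNS.

# Check the two properties the reply insists on: DENY policy comes first,
# and whatever falls through is logged.
fw_check() {
    rules=$(fw_rules)
    [ "$(printf '%s\n' "$rules" | head -n 1)" = "ipchains -P input DENY" ] || return 1
    [ "$(printf '%s\n' "$rules" | tail -n 1)" = "ipchains -A input -j DENY -l" ] || return 1
}

# Load the rules as root; stops at the first ipchains call that fails.
fw_apply() {
    fw_rules | sh -e
}

# Dry run by default: print the rules. Set APPLY=1 to load them.
if [ "${APPLY:-0}" = "1" ]; then
    fw_check && fw_apply
else
    fw_rules
fi
```

To follow the reply's ordering, call the script with `APPLY=1` from the network init script before any interface is brought up.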