On Thu 20 January 2011 15:57:22 Christ Schlacta wrote:
> if ipmi is unfirewalled, any user who can jack into an open port can just
> use ipmi. that's not good. you should segregate ipmi to a dedicated vlan
> at the switch if possible. iptables rules are probably not the best way to
> go about securing this situation.

I know, but the switch is in my home. Not worried about it here.

See, my LAN has the HTPC, my work laptop, and the backup server. I need the backup server as the HTPC has terabytes of my favorite movies & shows, and nowadays it's not practical to back up to anything but disk. I've built a little SuperMicro mobo in a cube chassis with a SuperMicro 3x5 drive carrier, to put in the garage for backing up, in case of theft or fire of my other machines.

I got the mobo with IPMI, which is a wonderful improvement. I've set IPMI to a different class C in case my main LAN ever gets broken into from outside, and on my work laptop that class C is a subnet of the wlan interface. I wasn't able to make that subnet get through Shorewall until I set it up in /etc/network/interfaces with the 'up ip' command, as in the Shorewall wiki. Now it works fine. (Thanks for pitching in, Tom.)

I've had a terrible time with rsync and btrfs, but now seem to have them under control as well, and may just have a fine automated system going. Still testing. Next will be setting the backup server up to record my security cameras with ZoneMinder!

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
