On Tue, May 27, 2008 at 09:42:40PM +0200, Lars Tunkrans wrote:
> Hi all,
...
> Use At your own Peril, expect Trial and Horror.
>
> Anyway I am hopeful that the community can improve this attempt to
> secure a Sun Ray server
> Please Contribute.

We have two interfaces on our SunRay server. One interface where everything goes (trusted network) and one interface which is routed around the offices where all the SunRays are connected.

I seem to have fewer ports enabled than you, and I can testify that this setup works, but except for that, I'm not sure exactly what can be deduced :)

----------------------
#
# Block everything not explicitly allowed from the SunRay network
#
block in on e1000g1 all

# Allow ping in
pass in quick on e1000g1 proto icmp from any to any

# Allow TFTP for firmware downloads
pass in quick on e1000g1 proto udp from any to any port = 69

# Allow authd service connect from ray to server
pass in quick on e1000g1 proto tcp from any to any port = 7009

# Allow devmgrd service connect from ray to server
pass in quick on e1000g1 proto tcp from any to any port = 7011

# Allow actual session traffic
pass in quick on e1000g1 proto udp from any to any port 39999 >< 42001
----------------------

-- 
/ jakob
