On Mon, 2004-02-16 at 11:41, Jeremy Portzer wrote:
> On Mon, 16 Feb 2004, Mike M wrote:
>
> > I need to open one server on my LAN to an outsider.  My Linksys
> > router appliance (BEFSR11) doesn't seem to be up to the job.  I think
> > it's time to upgrade to Linux.
> >
> > Reqs:
> >
> > * Allow a certain static IP address to ssh to a single server.  (This is
> >   the requirement the appliance doesn't seem to support.)
>
> Even though the appliance may not support this option, you can certainly
> restrict which IP address can connect via ssh with iptables on the local
> server, and/or with the sshd configuration file.  This single issue isn't
> really a reason to ditch the appliance IMO, but certainly setting up a
> Linux firewall/router would be a good exercise.
>
> --Jeremy

I agree with Jeremy. You can use the DMZ option of the Linksys router to
put this box in a DMZ, and then run a firewall on the box to limit the
access by IP.

Of course, you could also spend $30 on a used laptop or PC and run Linux
or OpenBSD and have a fantastic firewall that could let you do anything
you want.

Note: if you're passing through IPSec for VPN, then you'll want to use
OpenBSD and not Linux.

Jon Carnes
-- 
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
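
The host-side restriction discussed in this thread (iptables on the server, plus the sshd configuration file), as an added example that is not part of the original messages. The source address 203.0.113.10 and the account name "guest" are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. 203.0.113.10 (documentation range) and
# the account name "guest" are constructed placeholders.
ALLOWED_SRC=203.0.113.10

# valid_ipv4 ADDR: succeed only for a plain dotted quad with octets 0-255.
# Rejecting anything else keeps a typo such as 0.0.0.0/0 out of the ruleset.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ssh_ruleset ADDR: print iptables-restore input for the DMZ host.
# INPUT defaults to DROP because a DMZ host receives every unsolicited
# inbound port; services offered to the LAN need their own ACCEPT rules.
ssh_ruleset() {
    valid_ipv4 "$1" || { echo "bad address: $1" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $1/32 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# sshd_allow USER ADDR: print the matching sshd_config line (second layer).
# AllowUsers denies every login that matches none of its patterns.
sshd_allow() {
    valid_ipv4 "$2" || return 1
    echo "AllowUsers $1@$2"
}

ssh_ruleset "$ALLOWED_SRC"
```

The printed ruleset can be checked with `iptables-restore --test` before it is loaded.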
