I have been considering this idea; my Linux firewall book talks about not running ircd through the firewall. It says that Business and Commercial Firewalls shouldn't allow IRC through the firewall because of the risks of the protocol itself. Hmmmm. My only two choices are to run it on the firewall, or on 192.168.0.2; there's no other place I can put it right now.

Current pfwd rules on the firewall are:

Source port   Destination IP   Destination port
6667          192.168.0.2      6667 (ircd)
22            192.168.0.2      22 (ssh)
23            192.168.0.2      23 (Mystic BBS)
80            192.168.0.2      80 (httpd)

FTP only available internally, not externally.

I solved the ssh problem already. It was too simple for me to do. I think that's why I made it too complicated to do. So thanks on that one. My friend now happily can ssh right to where I want him to, and I can totally control his account via the users / groups in YaST2. It is pretty nice.

On Wednesday 11 July 2001 12:05 am, you wrote:
Is the machine running irc services running any other services that you are using from (only) behind the firewall? If not, IMHO it would be considerable to put it next to the firewall, run only ircd and sshd (maybe you can restrict access to it with some ipchains / -tables rules to a couple of hosts). If it's being cracked, the cracker is still in front of your firewall, not behind.
Good luck ;)
Bjoern
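
One way to express the restriction suggested in the quoted reply, as an added example that is not part of either message: a shell function that prints an iptables-restore ruleset for a host running only ircd and sshd, with ssh limited to a couple of hosts. The default-drop policy, the function names and the sample admin addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): build an iptables-restore ruleset for
# a stand-alone IRC host placed in front of the firewall.
#   ircd (6667/tcp): open to everyone
#   sshd (22/tcp):   only from the admin addresses given as arguments
# Everything else inbound is dropped (assumed policy).

is_ipv4() {
    # Accept only dotted-quad addresses with every octet in 0-255, so that
    # nothing but a plain address can end up inside a generated rule.
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

gen_irc_host_rules() {
    # Refuse to emit a ruleset that would lock out every admin.
    [ "$#" -ge 1 ] || { echo "need at least one admin IP" >&2; return 2; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 2; }
    done
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p tcp --dport 6667 -j ACCEPT'
    for ip in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -s $ip --dport 22 -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample addresses (documentation ranges); review the output
# before loading it as root with: ... | iptables-restore
# gen_irc_host_rules 203.0.113.10 198.51.100.7
```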