I don't think that it is a good idea to give someone access to your firewall
box. If you have configured your firewall and routing table correctly, you don't
have to give a user account on your firewall. It's so simple; don't do this
to yourself.
Kontogiannopoulos Dimitris
jim@infodomi.gr
Junior Net Admin
----- Original Message -----
From: "phil"
Greetings all, I have been trying to give my friend a shell account (ssh), and I have run into some confusion.
The firewall box has ssh already on it, but it also has port forwarding. So I am confused as to where I should give my friend a shell.
I also talk irc with my friend on an ircd which is located on 192.168.0.2, but I am wondering if it is safe to let ircd be port forwarded through the firewall box.
|----------------------------------
| modem (dialup)-- firewall box
|                   |
|                   | redhat eth0
|----------------------------------
        |
  |------------      |----------------
  |    hub     | --  | (eth0) 192.168.0.1 (just a client mandrake)
  |------------ \    |----------------
                     | (eth0) 192.168.0.2 (irc, shell accounts suse 7.2)
At the moment the only way I know to get through from the external network is to ssh to the firewall box as root, then ssh again into the 192.168.0.2 box.
I don't want my friend to know the root password on the firewall. I trust the guy, but he isn't very adept at Linux and he might screw something up by accident. I want to avoid the accident. I also want to limit him to, say, 10MB and 10 processes (the CPU goes to 100% now with no limits on the account).
If I shut ssh off on the firewall, how can I turn on ssh through it to the shell accounts? Or is this the wrong way to do this? I am thinking the shell might be better off located on the firewall.
Should ircd be relocated to the firewall instead of where it is now (192.168.0.2)?
And finally... a bloob: I accidentally deleted my ircd startup from the inetd.conf. I tried YaST and manually editing it, but the only way to start irc is manually now. Can someone show the line or lines in the inetd.conf that have the irc/ircd start up from inetd.conf? There is not anything in the manual about this.
It used to start when I boot, but no more...;o(