Mailinglist Archive: opensuse-security (138 mails)

Re: [suse-security] Re: Openssh + security
  • From: "Dirk Schreiner" <Dirk.Schreiner@xxxxxxx>
  • Date: Wed, 14 Dec 2005 19:31:18 +0100
  • Message-id: <43A064F6.6060708@xxxxxxx>
Hi,

Bruno Cochofel wrote:
> Ok, let's say I'll put a firewall PC on my network...
>
> I have to create a masquerade rule to let the internet access my intranet
> web server right?

If you are new to firewalling, try out rinetd.
It makes firewall rules far easier. In fact, you
can simply use the YaST firewall configuration.
(Simply handle the redirected external port as if it
was opened by the server.)


> (By the way, trying to find out how to do that under yast but don't get the
> difference between the option Source network and requested IP, so if someone
> help me on this I appreciate... There's several options to create a rule so
> please elucidate me)
>
> Doesn't this rule open a hole in my intranet security if, let's say, my web
> server gets compromised?

Yea.
Put another 5.--EUR ethernet card into the Firewall. Declare it as
DMZ and put the webserver there.
(But then your workstation cannot be the webserver ;-))


Greetings
Dirk