On Monday 24 July 2006 19:48, Cody Nelson wrote:
I ssh through a port I have forwarded from my firewall to my internal server. That server is my server with over a terabyte of space on it.
Is there a better way to do this without having a 3rd computer that needs to be on all the time? Thinking of some sort of chroot or vmware for ssh to run in on my server, or even my IPCop firewall.
Or using some kind of Web/SSL VPN. Anyone know of any good open source Web/SSL VPN?
I usually only use ssh, web, and VNC remotely.

Hi Cody,

You're a little unclear, but what I think you're asking is, given the current setup:

Server
   |
IPCop Firewall
   |
{Internet}
   |
Roaming machine

Can you get rid of the IPCop machine?

If I've understood you correctly, then yes you can. You can place multiple NICs in the server, allocate the security appropriately for each NIC using YaST, and make the server the gateway machine. However this does reduce your security to a degree, as you lose "defense in depth". You'd want to ensure only SSH or VPN with pre-shared keys is running on the "External Interface". Remove password only access, as you'd be susceptible to script-kiddies trawling for common and/or slack passwords.

Theoretically you could put a firewall in a vmware machine, but I don't think vmware takes over the NIC at the hardware level, so you still need to protect the server's "External Interface" as it will be active in bridged mode.

As to chroot, I don't know it all, so can't help in truth, but I suspect it would again boil down to the ability to isolate the NIC to the server in the chrooted environment.

--
Steve Boddy
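
The advice above to remove password-only access, as an added example that is not part of the original thread: a Python check that reads sshd_config text and reports whether password-based login is still possible, taking into account that sshd keeps the first value it reads for a keyword. The function name and both sample configurations are constructed for illustration, and Include files are not followed.

```python
# Added example: check sshd_config text for password-based login.

# Upstream OpenSSH values when a keyword is absent (both default to "yes").
# Keyboard-interactive is included because it can prompt for a password via PAM.
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes"}
# Older name for the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def password_login_findings(text):
    """Return a list of reasons why password-based login is still possible."""
    first_seen, findings, in_match = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())  # case-insensitive
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True                    # the rest of the file is conditional
            continue
        if key not in DEFAULTS:
            continue
        if in_match:
            if value == "yes":
                findings.append(f"a Match block sets {key} yes")
        else:
            first_seen.setdefault(key, value)  # sshd keeps the first value it reads
    for key, default in DEFAULTS.items():
        if first_seen.get(key, default) == "yes":
            findings.append(f"{key} is yes in the global section")
    return findings


WEAK = """\
# constructed sample: the later 'no' is ignored, the first value wins
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
"""

HARDENED = """\
# constructed sample: key-only login
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""
```

On a live host, `sshd -T` prints the effective configuration that sshd itself would use.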