Firewalls

crpelon (New member; joined Jul 3, 2003; 1 message)

Do you guys have your DirectAdmin server behind a firewall or do you connect them directly to the internet?

Also, what is the best way to back up the complete system in case of HD failure?

Thanks
 
There are several good security threads on this forum, so you may want to check those out. We do encourage security measures like a firewall, but make sure you have all the required ports open so your server functions properly.

The best way to back up an entire system depends on your setup (e.g. do you have an extra HD in your server?). Hopefully we will find the time to integrate such a feature right into the admin panel, but for now how to do this is up to you.

I'm sure some other people on here will post some helpful ideas *hint*.

Mark
 
Hint taken, Mark :) .

I'm taking the liberty of attaching a file to this post. It's called dafirewall.txt and includes two parts, ipchains and proftpd.conf.

The first part, ipchains, is a copy of my ipchains file from my test DA box, and so far it seems to work. I don't use iptables yet.

The second part, proftpd.conf, is a replacement for the DA proftpd.conf, which makes use of the ten passive access ports for ftp I've left open in the ipchains file.

If you want more than ten users to be able to use passive ftp at the same time, then you'll have to modify both these files to use more unprivileged ports for ftp. I leave that as an exercise to the reader.

Since this forum only allows me to attach one file and I didn't want to put either you or me through having to deal with a zip file, I chose to put both files into one... the breaking point should be obvious.

(Note that these files were created on a Windows machine and should have their line-endings converted when you move them to your Linux box or they won't work.)

You'll need to restart both proftpd and ipchains after you've made the file changes:

# /etc/rc.d/init.d/proftpd restart

and

# /etc/rc.d/init.d/ipchains restart

Jeff
 

Attachment: dafirewall.txt (4 KB)
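
A check for the points in Jeff's post above, as an added example that is not part of the original thread and not the contents of dafirewall.txt: it flags Windows line endings and confirms that every port in ProFTPD's PassivePorts range is opened by the firewall rules. The port numbers and the iptables-style rule lines are constructed assumptions, and only simple static ACCEPT rules are understood.

```python
import re

# Constructed sample inputs; the real attachment is not shown in the thread.
PROFTPD_CONF = "ServerType standalone\r\nPassivePorts 35000 35009\r\n"
IPTABLES_RULES = (
    "-A INPUT -p tcp --dport 21 -j ACCEPT\n"
    "-A INPUT -p tcp --dport 35000:35004 -j ACCEPT\n"
    "-A INPUT -p tcp -j DROP\n"
)

def has_crlf(text):
    """True if the text still carries Windows (CRLF) line endings."""
    return "\r\n" in text

def passive_range(conf):
    """Return (low, high) from the PassivePorts directive, or None if absent."""
    for line in conf.splitlines():
        m = re.match(r"\s*PassivePorts\s+(\d+)\s+(\d+)\s*$", line, re.I)
        if m:
            return int(m.group(1)), int(m.group(2))
    return None

def accepted_tcp_ports(rules):
    """Collect ports from '-A INPUT ... -p tcp ... --dport X[:Y] ... -j ACCEPT'."""
    pattern = r"-A INPUT\b.*-p tcp\b.*--dport (\d+)(?::(\d+))?\b.*-j ACCEPT\s*$"
    ports = set()
    for line in rules.splitlines():
        m = re.match(pattern, line)
        if m:
            low = int(m.group(1))
            high = int(m.group(2) or low)
            ports.update(range(low, high + 1))
    return ports

def check(conf, rules):
    """Return a list of findings; an empty list means the two files agree."""
    findings = []
    if has_crlf(conf) or has_crlf(rules):
        findings.append("CRLF line endings present; convert before installing")
    rng = passive_range(conf)
    if rng is None:
        return findings + ["no PassivePorts directive; passive range is unrestricted"]
    opened = accepted_tcp_ports(rules)
    blocked = [p for p in range(rng[0], rng[1] + 1) if p not in opened]
    if blocked:
        findings.append(f"passive ports not opened by firewall: {blocked}")
    if 21 not in opened:
        findings.append("FTP control port 21 is not open")
    return findings

if __name__ == "__main__":
    print("\n".join(check(PROFTPD_CONF, IPTABLES_RULES)))
```

With the constructed input, the firewall opens only five of the ten passive ports, which is the mismatch to watch for when changing the range in one file but not the other.
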
Thanks for the link and the reminder to your earlier post, Chris.

Because these are listed on a competitor's forum, I'm not sure all of us will want to point our clients there to read them. And nowhere on that site do I see permission to copy them off and put them on our own site.

So I'm willing to write up some white papers, put them into the open source documentation license (I forget what it's called) and place them on my nobaloney.net website for anyone to copy them off and use them as they see fit, with or without modification.

I'll start on this within the next few days as time permits.

However, I only have Linux and Windows systems, so I'd appreciate some help from someone in writing the Mac-specific stuff.

Jeff
 
All of the how-tos written on that forum were written by members; if you wish to reproduce one, you should contact the author of the how-to.

Apart from that there's not much you can do, although I'm sure it would be OK to write them out if it was only for use by your own customers :)

Chris
 
Did anyone convert Jeff's ipchains template into iptables?

If so please post :D

Much appreciated,
Matt
 
jlasman,

What do you want to know from the MacOS side as far as security? We are basically now BSD boxes since we switched to OS X so most *nix commands work or you can follow X11 apps for various things.
 
I have not had time to revisit this issue <frown>, and probably won't for some time <frown, again>, as I'm planning to move a few thousand miles and the plans are taking every bit of my time.

I hope someone or ones will take up some of the slack, and I'll be happy to answer specific questions about specific security issues.

I do monitor posts to this thread.

Jeff
 