Re: Firewalls

From: Dennis Stout (crazyman@rogershsa.com)
Date: 08/01/01


Message-ID: <000201c121f8$034d7b20$020aa8c0@borg.net>
From: "Dennis Stout" <crazyman@rogershsa.com>
To: <security-discuss@linuxsecurity.com>
Subject: Re: Firewalls
Date: Wed, 1 Aug 2001 10:30:16 -0800

sftp, comes as a part of ssh2. Very secure file transfer protocol. I don't
know if you have any windows boxes on the network or not, but if you do,
there are windows clients for ssh. I don't know if there are for sftp, but
then again, if you're truly worried about security you won't be running
windows anyways :)

Have a good one.

Dennis Stout

----- Original Message -----
From: "Trevor Wise" <wiset@trusjoist.com>
To: <security-discuss@linuxsecurity.com>; <duane@sukkha.homeip.net>
Sent: Wednesday, August 01, 2001 9:44 AM
Subject: Re: Firewalls

Thanks,

These are some good suggestions.
We actually tried the ipmasqadm when the consultant was here. For the most
part, it works aside from the whole passive mode thing with ftp. If I can
find a SIMPLE (and secure) file transfer tool and then talk everybody into
using it, I'd like to go that route. It may kill 2 birds with one stone.
(Security and passive transfers) - I'll look into the tools you mentioned
here.

I'm also gonna try to install Astaro Linux that Vijai .G mentioned. Sounds
similar to Storm Linux (whatever happened to that distro anyway?)

As far as the Monoposition or Monouesto mode... Can't find any
documentation on that in the stuff we've got. Also don't see any way of
changing it either on the hardware or in the utility program we have. -
Thanks for the thought!

I'll keep ya posted if I can get it working. Thanks again!

Trevor Wise
Assistant Internet Facilitator
Trus Joist, A Weyerhaeuser Business
5995 Greenwood Plaza Blvd, Suite 100
Greenwood Village, CO 80111
303.770.8506

>>> duane@sukkha.homeip.net 08/01/01 08:51AM >>>
"Monoposition mode"??

You can use the ipmasqadm tool to forward connections to the web server
behind the firewall like so:

ipmasqadm autofw -A -r tcp 80 80 -h webserver.address

I would leave the webserver behind the firewall with a private address and
the ftp server. You know you can install ssh and use scp for file
transfers so you won't have to enable ftp. There are gui clients for scp
like: winscp (http://winscp.vse.cz/eng/) and IXplorer
(http://www.i-tree.org/ixplorer.htm) and there is MindTerm, which is java
based and can run from many platforms
(http://www.appgate.org/products/mindterm/).

You can add static routes on the machine with the web server on it
as long as you can ping the gateway that the other networks are on.

route add -net 192.168.1.0 gw 192.168.0.1 netmask 255.255.255.0

Do you need help with a firewall script or do you have that down? If you
need help...I'd recommend the scripts located in the "Securing Redhat
Howto".
http://www.linuxsecurity.com/docs/Securing-Optimizing-Linux-RH-Edition-1_3.pdf

They are located in the "Ipchains" section; it starts on page 115. Those
scripts are specifically for a web and ftp server (I'd substitute the ftp
for ssh).

We are all here with you so if you run into snags then let us know.

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
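
The passive-mode problem mentioned in this thread, as an added example that is not part of any poster's message: in passive mode the FTP server names, in its 227 reply, the address and port the client must open for data, so a masquerading firewall that forwards only the control port leaves that second connection unreachable. The sample reply, the addresses and the forwarded-port sets are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a 227 reply as sent by an FTP server that sits on a
# private address behind the masquerading firewall.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,0,10,195,80)"

# RFC 959 format: (h1,h2,h3,h4,p1,p2) = four address octets, two port bytes.
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Return (address, port) advertised in a '227' passive-mode reply."""
    match = PASV_RE.match(reply.strip())
    if not match:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(group) for group in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in 227 reply")
    address = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # high byte, low byte
    return address, port


def check_pasv(reply, forwarded_ports):
    """List the reasons an outside client cannot open the data connection."""
    address, port = parse_pasv(reply)
    problems = []
    if address.is_private:
        problems.append(
            f"advertised address {address} is private, unreachable from outside"
        )
    if port not in forwarded_ports:
        problems.append(f"data port {port} is not forwarded by the firewall")
    return problems


if __name__ == "__main__":
    # Only the FTP control port is forwarded, as with a single port forward.
    for problem in check_pasv(SAMPLE_REPLY, forwarded_ports={21}):
        print(problem)
```

scp and sftp avoid both findings because they carry the transfer inside the single ssh connection, so one forwarded port is enough.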
