RE: Secure ftp server?

From: Wilbur M. Sims III (pheh@the.whole.net)
Date: 12/19/01


From: "Wilbur M. Sims III" <pheh@the.whole.net>
To: "Juan Mejia P." <jmejia@uchile.cl>, <security-basics@securityfocus.com>
Date: Wed, 19 Dec 2001 09:50:13 -0500

Well your ASCII diagram doesn't exactly show what you word in your email...
but... your solution might be as simple as this:

                ++++++++++++++
                ++ Internet ++
                ++++++++++++++
                      ||
                   ++++++++           +++++++++
                   +Linux + ...DMZ... +FreeBSD+ (holds a
                   +FW/GW +           +httpd  +  public address)
                   ++++++++           +++++++++
                      ||  -> NAT (Network
                   ++++++++      Address
                   + HUB  +      Translation)
                   +  or  +
                   +Switch+
                   ++++++++
                  /  |  |  \
                 /   |  |   \
               PC   PC  PC   PC   (All PCs hold private addresses)

|| = Ethernet and ... = Ethernet

-- NOTE: Hopefully the diagram didn't get too munged in text formatting --

Now all your PCs can still share files via NetBIOS and you can share an
internet connection that is protected by a firewall. If you require servers
that are accessible by the outside (HTTPd, SMTPd, FTPd...) then you'll need
a DMZ as shown by the dotted connection.

But I'm a bit confused by your "only one Ethernet connection in my lab"
statement. I assume you mean only one Ethernet connection in your lab to
the rest of the network at large -- and not -- We run token ring in the lab,
but have an Ethernet connection to the outside. If so, you should be fine
with the above.

I feel I would be remiss if I didn't say that using a Linux firewall like
iptables, ipchains, and fwtk (or any firewall product for that matter) can
be a daunting task for a neophyte. In MANY cases the added security and
logging of a non-appliance-based firewall may not be required for what you
do. Deploying a Linux box (Solaris box, Win2K box), whether acting as
firewall or not, haphazardly is not a very responsible thing to do either
for yourself, your group or the rest of the internet at large. It's a
question you'll have to ask yourself...

If you're really interested in building AND maintaining a firewall for your
group, I'd suggest at least getting and reading
http://www.oreilly.com/catalog/fire2/.

> -----Original Message-----
> From: Juan Mejia P. [mailto:jmejia@uchile.cl]
> Sent: Monday, December 17, 2001 11:50 PM
> To: security-basics@securityfocus.com
> Subject: Secure ftp server?
>
>
> Hello guys,
> I need to set up a way to share files between my win box and
> the rest of the Lan at my department. Recently I set a linux
> box to act as a firewall and gateway to share the only one ethernet
> connection in my lab, I know a hub would have been a better
> solution to share one internet connection but it was sort of
> a challenge for a beginner in linux:
>
>                                      LAN   *******
> internet *******   *******    *******-----* win1*
> ---------*win  *---*win  *----*linux*     *******
> (no prot-*******   *******    *******-----------*******
>  ection)                                         * win2*
>                                                  *******
>
>
> The problem now is that I am no longer able to share files
> using the (in)famous network neighborhood, I have thought of
> a ftp server but I am afraid of hackers as I still don't have
> enough knowledge to properly secure the linux box. Up to now,
> I have no services (so no open ports) on this linux but I am
> in need of some way to share the files between the two
> computers behind the firewall and the rest of the boxes
> outside it.
>
> Please help me pointing me to a right solution: is ftp the
> way to go?, could it be ssh? (but I don't want to give users
> a shell, only need they be able to access some files from my
> computer and vice versa).
>
> thanks in advance for your help
>
> Best regards and greetings from Chile,
>
> Juan mailto:jmejia@uchile.cl
>
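
One way to express the layout in the reply above as a packet-filter policy, added here as an illustration (it is not code from either poster). It assumes iptables, the interface names eth0 (Internet), eth1 (LAN) and eth2 (DMZ), a constructed LAN prefix and documentation address for the DMZ web server, and that the DMZ host's public address is routed through the firewall.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the three-legged layout
# is_private NET: succeed only for RFC 1918 prefixes (the LAN must be private).
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# gen_rules WAN_IF LAN_IF DMZ_IF LAN_NET DMZ_HOST (all values are assumptions)
gen_rules() {
    wan=$1 lan=$2 dmz=$3 lan_net=$4 dmz_host=$5
    is_private "$lan_net" || { echo "LAN net $lan_net is not RFC 1918" >&2; return 1; }
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# LAN PCs keep private addresses and leave via the firewall's WAN address
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# NetBIOS/SMB file sharing never leaves the LAN segment
-A FORWARD -i $lan -p udp --dport 137:138 -j DROP
-A FORWARD -i $lan -p tcp -m multiport --dports 139,445 -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN may open connections to the Internet and to the DMZ
-A FORWARD -i $lan -s $lan_net -j ACCEPT
# Internet may reach only the web server in the DMZ
-A FORWARD -i $wan -o $dmz -d $dmz_host -p tcp --dport 80 -j ACCEPT
# Nothing lets the DMZ or the Internet open connections into the LAN
COMMIT
EOF
}

# Constructed sample values: private LAN, RFC 5737 address for the DMZ host
gen_rules eth0 eth1 eth2 192.168.1.0/24 203.0.113.10
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it.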


