[CentOS] Security advice, please
Anne Wilson
cannewilson at googlemail.com
Mon Mar 23 19:50:54 UTC 2009
On Monday 23 March 2009 19:33:58 JohnS wrote:
> On Mon, 2009-03-23 at 18:37 +0000, Anne Wilson wrote:
> > > Here's another example; it will do what you want, you're just
> > > misunderstanding it. I have 2 customers that use Netgear routers. I
> > > think you're not setting up the NAT - Add Page.
> > > http://portforward.com/english/routers/port_forwarding/Netgear/DG834G/eMule.htm
> > > One thing: are you using it for the DSL or another modem/router
> > > for DSL? If you're using two, only one can be NATted and the other main
> > > router in Bridged Mode.
> >
> > The router is also the DSL modem.
>
> Ahh, and a warning about that. Make sure after you get the port forwarding
> working that the router is not wide open. Meaning every port open. Zyxel
> and Netgear are very similar in design (software) and both of them have
> this problem. This only occurs when it is in the routing mode.
>

As far as I can see it defaults to outward traffic being open, but inward
traffic blocked apart from the rules I set.

> > OK - I'm thick. I've looked at that page and seen only what I'm already
> > familiar with. Please, in plain English, how do I set ssh to come in on
> > port 22022 (service called ext-ssh already set up for that) to be
> > forwarded to 192.168.0.xx port 22?
>
> If you can hold your horses I may be able to tell you in Plain Eng later on.
> At the moment I am not directly in front of one and the ones I have access
> to cannot be accessed over the WAN. This would be later EST Time
> Tonight.
>

It's not hugely urgent - I'd like to get it set up and working before the end
of the week. If you reply later today I'll see it tomorrow, and that is just
fine.

> It gives you a choice of what ports you want the service to use. You
> simply have to enter the numbers into the empty boxes (choose Custom
> Service). IE; you will have to make a Custom Service.
>
> Looking at your port choice from a Social Engineering Stand Point you're
> defeating the purpose of port masking. Choosing port 22022 tells me that
> you have ssh running on a server. Nonetheless you can also do what
> Steve said.
>

I'll look at both options, once I've seen your next reply. I'm aware that
this is not locked-down security, just that it will deter the casual poke-
around merchants. Once I'm convinced that I have it working it will be
disabled except for the periods when I'm away from home. (I do know that
works, because last time I was away I forgot to re-enable the imap service,
and I couldn't get in.)
Anne
--
New to KDE4? - get help from http://userbase.kde.org
Just found a cool new feature? Add it to UserBase
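
Added example, not part of the original post or thread: a small Python check for the "router is not wide open" concern raised above, meant to be run from a host outside the LAN against the router's own WAN address once the 22022 -> 22 forward is in place. The probe list and the function names are assumptions made for illustration; only port 22022 comes from the thread.

```python
import socket
import sys

EXPECTED_OPEN = {22022}  # the ext-ssh forward from the thread
# Constructed sample of ports to probe; extend it to suit the services on the LAN.
PROBE_PORTS = [21, 22, 23, 25, 80, 143, 443, 8080, 22022]


def port_state(host, port, timeout=2.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer/unreachable)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # covers timeouts and unreachable-network errors
        return "filtered"
    finally:
        s.close()


def audit_forwarding(host, ports=PROBE_PORTS, expected=EXPECTED_OPEN, timeout=2.0):
    """Compare what answers on the WAN side with what the forwarding rules intend."""
    states = {p: port_state(host, p, timeout) for p in ports}
    unexpected = sorted(p for p, st in states.items()
                        if st == "open" and p not in expected)
    missing = sorted(p for p in expected if states.get(p) != "open")
    return {"states": states, "unexpected_open": unexpected, "missing": missing}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit.py <router-wan-address>")
    report = audit_forwarding(sys.argv[1])
    for port, state in sorted(report["states"].items()):
        print(f"{port:>5}  {state}")
    if report["unexpected_open"]:
        print("open but not in the forwarding rules:", report["unexpected_open"])
    if report["missing"]:
        print("expected forward not reachable:", report["missing"])
    sys.exit(1 if report["unexpected_open"] or report["missing"] else 0)
```

A non-zero exit status means either something other than the intended forward answered, or the forward itself is not reachable (for example while the rule is disabled between trips).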