[geeks] Fedora question regarding firewalls in general...

Dan Duncan danduncan at gmail.com
Sat Mar 27 13:07:06 CDT 2010


On Sat, Mar 27, 2010 at 7:24 AM, Michael C. Vergallen
<mvergall at telenet.be> wrote:
> I do this on my gateway machine (Sun Ultra 1) which also acts as a (DMZ) for
> the network. Then I have the 2 server machines (one multimedia server on a
> gigabit network i.e. 192.168.1.x, one for my data and all the rest
> 192.168.0.x with a bridge between both segments) who allows only local
> network connections 192.168.x.x.) Now in this situation is adding extra
> firewall stuff to the 30 odd machines (The collection) & 5 workstations
> around the house needed?

Just be aware that if they compromise the DMZ machine they will do one
or more of the following:

1)  Use it to stage further attacks on other people (which may get YOU
in trouble)

2)  Use it to stage further attacks on YOUR network

3)  Sift through your data for anything interesting (including browser
cache and network mounts)

4)  Delete/wreck your stuff  (Consider having any nfs or smb mounts
read-only on the DMZ machine)

If they manage to compromise one of your other systems they will
repeat the above list.  With that in mind, the firewall isn't a bad
idea everywhere.  Only open it up as much as you really need it.  You
should be able to adjust the firewall to allow anything you need.  NFS
uses portmapper to choose ports but in Fedora you can adjust
/etc/sysconfig/nfs to pre-determine what those ports are and set your
firewall accordingly.

-- 
Dan Duncan
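
Added example, not part of the original message: one way to do what the reply describes, reading the ports pinned in /etc/sysconfig/nfs and printing matching iptables rules. It assumes the MOUNTD_PORT, STATD_PORT, LOCKD_TCPPORT, LOCKD_UDPPORT and RQUOTAD_PORT variables of Fedora's file, the 192.168.0.0/16 range implied by the quoted message, and a hypothetical helper named nfs_rules; the sample file and its port numbers are constructed.

```sh
# Added example (not from the original post): /etc/sysconfig/nfs -> iptables rules.
# Constructed sample file; port numbers are illustrative, any free ports work.
sample_nfs_conf() {
cat <<'EOF'
# unrelated settings and comments are skipped
RPCNFSDCOUNT=8
MOUNTD_PORT=892
STATD_PORT="662"
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
#RQUOTAD_PORT=875
EOF
}

# nfs_rules CONF SUBNET: print iptables-restore style INPUT rules for SUBNET only.
# Returns 1 on a non-numeric port, 2 if a required port is still dynamic.
nfs_rules() {
    nr_conf=$1; nr_net=$2; nr_seen=""
    # portmapper (111) and nfsd (2049) are already fixed ports.
    for nr_port in 111 2049; do
        for nr_proto in tcp udp; do
            echo "-A INPUT -s $nr_net -p $nr_proto --dport $nr_port -j ACCEPT"
        done
    done
    while IFS='=' read -r nr_key nr_port; do
        case $nr_key in
            MOUNTD_PORT|STATD_PORT|RQUOTAD_PORT) nr_protos="tcp udp" ;;
            LOCKD_TCPPORT) nr_protos="tcp" ;;
            LOCKD_UDPPORT) nr_protos="udp" ;;
            *) continue ;;   # comments, commented-out ports, other settings
        esac
        nr_port=$(printf '%s' "$nr_port" | tr -d '"')
        case $nr_port in ''|*[!0-9]*) echo "bad port for $nr_key" >&2; return 1 ;; esac
        nr_seen="$nr_seen $nr_key"
        for nr_proto in $nr_protos; do
            echo "-A INPUT -s $nr_net -p $nr_proto --dport $nr_port -j ACCEPT"
        done
    done < "$nr_conf"
    for nr_key in MOUNTD_PORT STATD_PORT LOCKD_TCPPORT LOCKD_UDPPORT; do
        case " $nr_seen " in
            *" $nr_key "*) ;;
            *) echo "$nr_key not pinned; its port stays dynamic" >&2; return 2 ;;
        esac
    done
    return 0
}

nr_tmp=$(mktemp) && sample_nfs_conf > "$nr_tmp" && nfs_rules "$nr_tmp" 192.168.0.0/16
rm -f "$nr_tmp"
```

The printed lines belong in the filter table's INPUT chain ahead of the final reject or drop rule; a port left commented out in the file gets no rule.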


