From: /dev/rob0 <rob0@gmx.co.uk>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] how to configure linux in production line
Date: Thu, 02 Jun 2005 11:34:14 +0000
Message-ID: <429EEEB6.8050201@gmx.co.uk>
In-Reply-To: <20050602093757.8311.qmail@web41011.mail.yahoo.com>

Gonn Star wrote:
> I am new in linux world, basically I'm using red hat 9
> kernel 2.4.20-8. I need to build a trusted gateway. my

Whoa! You are starting out with something very old and bug-ridden. You
should scrap that and switch to a current release, whatever distro you
may choose.

Quite a few of those old bugs can bite very hard, including root
compromises. Being new, did you know how to update for security? Sure,
there's Fedora Legacy which may or may not be supporting the old stuff
with updates, but that is intended for people who have long-running
stable servers ... not to entice new users to RH 9.

> linux box will be the gateway for several machine PCs
> to go to the desired server. there will be several
> subnets under the linux box, I've already assigned
> static IPs for the PCs. Now my problem is I only need
> 2 PCs from each subnets to connect to certain servers,
> and those 2 PCs can only have transaction(open) to the
> specified servers, for others it will
> drop(firewalled). for other PCs, they can't log on to
> the outside world. should I use only iptable rules or
> with the help of squid(ACL) as well ?

You do not seem to understand that HTTP is just one of many TCP/IP
protocols, and yet you want to set up complex networking controls.
Anyone who knows more than you do would likely find it a trivial task to
get around your controls.

> please add up the commands as well. Thanks.

Specific questions which show that you have tried will tend to be
better-received than generalised requests for spoonfeeding. I do things
like this for a living, and I do not have time to earn your living as well.

You mention "production" which implies that this is needed in a business
setting. If so it's probably worth it to the business owners to pay for
expertise. You can't learn everything you need to know, overnight.

For you, I would recommend starting with the basics. There are good
HOWTOs at netfilter.org which might help.

--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
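
The policy asked about in this thread (a few named PCs per subnet may reach named servers, everything else is dropped) can be written as a default-deny FORWARD chain that covers every protocol, not only the HTTP a Squid ACL would see. The script below is an added example, not part of the original message or of any poster's configuration; the addresses, ports and function names are constructed for illustration, and it only prints the iptables commands for review. The gateway's own INPUT and OUTPUT chains are outside its scope.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it changes nothing itself.
# All addresses and ports below are constructed samples.

# Allow-list, one flow per line: <client IP> <server IP> <proto> <dest port>
ALLOWED_FLOWS='192.168.1.10 10.0.0.5 tcp 443
192.168.1.11 10.0.0.5 tcp 443
192.168.2.10 10.0.0.6 tcp 5432
192.168.2.11 10.0.0.6 tcp 5432'

is_ipv4() {
    # Coarse shape check (four dot-separated digit groups) to catch typos.
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

gen_gateway_rules() {
    # $1: allow-list text. Prints the rule set, or returns 1 and prints
    # nothing if any line is malformed, so a typo never yields a partial policy.
    rules=''
    while read -r src dst proto port extra; do
        [ -z "$src" ] && continue
        [ -z "$extra" ] || return 1
        is_ipv4 "$src" || return 1
        is_ipv4 "$dst" || return 1
        case "$proto" in tcp|udp) ;; *) return 1 ;; esac
        case "$port" in ''|*[!0-9]*) return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
        rules="${rules}iptables -A FORWARD -s $src -d $dst -p $proto --dport $port -m state --state NEW -j ACCEPT
"
    done <<EOF
$1
EOF
    # Fail closed: set the default policy before touching the rules.
    echo 'iptables -P FORWARD DROP'
    echo 'iptables -F FORWARD'
    # Replies to flows that were allowed out.
    echo 'iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    printf '%s' "$rules"
}

gen_gateway_rules "$ALLOWED_FLOWS"
```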