General :: Recommendation For Firewall Server?
Apr 1, 2009
After metering the power being used daily in my computer room, I decided that I needed to get somewhat greener. So I am updating all my equipment and getting rid of the old towers and power hungry equipment. So far so good, except for the box running Smoothwall.
It is an old IBM 300GL from the '90s that is apparently never going to die. But it is noisy and not exactly low powered and has to be on all the time. The only machines that I have presently that can be used as a replacement are full blown AMD 3000 and 6000's, and I hate to waste one of those just to be a firewall. I can find some mini cube systems that are very low powered - some even run on just a wall cube - but can't find one with two ethernet ports, and of course there is no plugin buss on a tiny box.
View 6 Replies
ADVERTISEMENT
Jul 10, 2010
We are working on a new ERP for the company. This will run in MySQL 5.1.x, the GUI will be Web, the language PHP. This is a big project, is a good option to have the 3 applications in the same server or is better to have Mysql on 1 server and httpd+php on other server?
Speaking that I want to virtualize this app with Xen on Centos 5.5 as Host and the guest's will run Ubuntu.
View 3 Replies
View Related
Sep 13, 2010
I am searching for a recommendation on a video card replacement for my home server. I currently have a BFG Geforce 7300GT and looking for simpler, less power hungry videocard. It is running slackware 13.1 and XFCE as the DE but I dont normally have the X server running because there is no monitor attached to the machine... Only if I have problems I can hookup a 15" LCD. No hardcore computation, no video/graphics programs, like i said, mostly VNC sessions (if need be) and networked services and mainly used for storage (NFS).
The machine has roughly the following components:
MSI k9n platinum mobo
Athlon 64 x2 CPU
1GB ram
3X 1.5TB SATA2 HDD's
[Code]...
View 14 Replies
View Related
Feb 11, 2010
how to implement proxy server with firewall and the client users should be authinticated by asking username & password while opening their web browsers and finally i want to see the websites visted list of all the client computers On cent os 5.3
View 1 Replies
View Related
Apr 4, 2011
Is it safe to put Samba Server outside your Firewall?
View 4 Replies
View Related
Mar 3, 2010
I have been contemplating switching to Linux for some time now, frankly because I'm tired of the blue screens and viruses, the slow speeds, low customization, new versions of programs coming out after years of waiting, high costs/no sharing. As for Apple, I'm not a fan of Steve Jobs going from share-ware to locked down apps and frankly I despise the whole Apple company for that and its high prices. my first HP ever crashed so coming in is a new Dell with details to follow on it - this particular Dell doesn't fit with my habit of getting everything thats the newest thing out, but its close enough to what I had and was a "fast track" item, meaning built and ready to ship. Also, always owned Dells in the past with no problems.
I use my computer for movies, music, internet, e-mail, the occasional spreadsheet and word document as well as games that perk my interest every once in a while. I heard Ubuntu would be good, with Wine to be able to run the occasional Windows based program correctly. I was looking at a dual setup which I would switch to a single set-up if I became extremely comfortable with Linux.
View 6 Replies
View Related
Jan 25, 2010
For some time now, I'm having some problems with configuring an NFSv4 server to let it work with a firewall. I've already searched to web, but I was unable to find a solution that works for me.
The situation is as follows:
I'm trying to connect an NFS client to an NFS server that is behind a firewall. I don't have access to this firewall, but I can contact the administrator to open some ports for me. I already did this for opening port 2049.
The result is that the client can read files from the server, but is unable to write files to the server. I believe that for writing an extra RPC-connection needs to be set up. However, the ports on which the RPC-connection is set up, seem to be different for every connection (I verified this using 'netstat -tn').
Clearly, this is a problem since the server is protected by the firewall.
Thus, what I want to do is configure the server in such a way, that it always uses the same server-side port(s) to connect with the writing clients (just like 2049 for reading). I've already tried to configure the /etc/default/nfs-kernel-server and /etc/default/nfs-common files, but that hasn't really worked out yet.
Note: Because I don't like to contact the system admin every day, I hooked up 2 computers (client/server) on which I set up the same configuration (without the firewall). I'd like to see it working on those machines first (that is, 'netstat -tn' showing the correct port), before I contact the admin to open some extra ports.
View 2 Replies
View Related
Dec 2, 2010
Do any of you have a favorite multifunction printer that you would recommend? I am abt ready to replace an oldie and would like to get something that works well with Linux - esp the scanner.
View 6 Replies
View Related
Mar 10, 2011
I have a visichat site and 1and1 server.
i am having a problem of my firewall.
when i activate firewall from my server account users cant login to chat room. the error occured " Connection To Server Failed".
will anybody let me know how can i fix this problem so that i can active my firewall and also users can login.
View 2 Replies
View Related
Jan 25, 2011
I will be relocating to a permanent residence sometime in the next year or two. I've recently begun thinking about the best way to implement a home-based network. It occurred to me that the most elegant solution might be the use of VM technology to eliminate as much hardware and wiring as possible.My thinking is this: Install a multi-core system and configure it to run several VMs, one each for a firewall, a caching proxy server, a mail server, a web server. Additionally, I would like to run 2-4 VMs as remote (RDP)workstations, using diskless workstations to boot the VMs over powerline ethernet.The latest powerline technology (available later this year) will allow multiple devices on a residential circuit operating at near gigabit speed, just like legacy wired networks.
In theory, the above would allow me to consolidate everything but the disklessworkstations on a single server and eliminate all wired (and wireless) connections except the broadband connection to the Internet and the cabling to the nearest power outlets. It appears technically possible, but I'm not sure about the various virtual connections among VMs. In theory, each VM should be able to communicate with the other as if it was on the same network via the server data bus, but what about setting up firewall zones? Any internal I/O bandwidth bottlenecks? Any other potential "gotchas", caveats, issues? (Other than the obvious requirement of having enough CPU and RAM).Any thoughts or observations welcome, especially if they are from real world experience in a VM environment. BTW--in case you're wondering why I'm posting here, it's because I run Debian on all my workstations/servers (running VirtualBox as a VM for Windows XP on one workstation).
View 14 Replies
View Related
Apr 21, 2010
I have a small home-office network. On that network I have two linux computers, one is a client the other a server.
On the server I have NFS Server setup and mount some NFS exports on the client computer.
On the server I have the firewall on and here it becomes a little tricky.
Since both the server and the client connect to the router the interface (eth1) is theoretically both an internal & external zone.
The router is commercial grade and therefore has a good firewall on it which is also setup. Therefore the firewall on the server is really more of a backup than a necessity. But that's fine, and by having the server's firewall on 'fail2ban' is able to work which I like to have working so I don't want to just turn off the server firewall even though I have good security from the router.
However, when I turn on the server's firewall, the client computer cannot see the NFS server when scanning for server -- done by: clicking on "Choose" next to "NFS Server Hostname" when adding an NFS share in the NFS Client in YaST. Clearly something is being blocked even though I have both "NFS Client" and "NFS Server Service" allowed in the server firewall. The Firewall config. files for these are below.
The Firewall configuration is pretty much "out of the box". That is I have the services I need opened up for the external zone, the other zones are left at their default which means the internal zone, although not used (i.e.: attached to any interface), is completely open.
The perfect solution I guess would be to setup my client computer to connect through a different NIC (perhaps eth0), make that the "Internal Zone" and therefore allow all traffic through to it while still blocking the server from the external zone. However, I cannot make that physical change to my network for now so I am looking for an in between (non-perfect) solution.
In this case I am guessing that means opening up extra NFS ports to the external zone so I have full NFS functionality. I don't mind this because like I said, the router firewall is the main line of defense anyway.
So, given all of the above could someone tell me what I would need to additionally open up in the server firewall to make the NFS server detection work on the client while the firewall was on. Or, if you have a cleverer/better solution without me changing my physical network that would be great.
Hopefully I have written this in enough detail and clearly enough so that all the parameters are clear but if not, feel free to ask me what you like and I'll try to make it clear.
Code:
## Description: Firewall Configuration for NFS kernel server.
#
# Only the variables TCP, UDP, RPC, IP and BROADCAST are allowed.
# More may be supported in the future.
code....
View 6 Replies
View Related
Jun 8, 2009
I'm using CentOS 5.3, and I want to allow my samba server from selinux. I disabled my selinux and it works fine, but I want to keep my seline firewall on and want to allow other workstation to access my samba server.
View 8 Replies
View Related
Jun 27, 2011
i m unable to ssh my one centos 5.6 remote server from my one server
Code:
ssh -v root@sxyz.abc.com
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
[code]...
i even turn off all firewall rules on both server i can able to ssh from my home or any other pc to remote pc so i don't think there is any problem in target pc
View 9 Replies
View Related
Mar 25, 2011
I suspect this is an initial configuration bug. All firewall logs seem to be going to all
three files. That causes a lot of clutter in the log files, and makes it difficult to see whether there are any serious problems being logged.
View 9 Replies
View Related
May 18, 2010
I am learning to setup firewall in my home for that i have selected four system(sys1,sys2....sys4) for testing .I have configured sys2 to act as a firewall with two NIC. sys3 and sys4 are inside the firewall . sys1 is not connected to firewall for testing purpose.
the IP assignments are follows :
sys1 : ( fedora, not connected to firewall i am thinking, But i am not sure )
IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank
sys2 firewall ,IPTABLES )
code....
what happened is that sys1(not connected to firewall) can ssh to sys4(connected,inside firewall),since the rules are written not to ssh form sys1 to sys4..
then I came to know whatever the request I give, It directly goes as sys1 --> sys4. Not as sys1-----> sys2(firewall)---> sys4 .and the firewall is not filtering and processing anything for both inbound and outbound (i think it's my mistake some where). the requests are directly going inside without firewall.
View 3 Replies
View Related
May 27, 2011
I'm trying to build firewall on Debian with 'Firewall Builder'. But it won't let me compile and run unless one interface is set as management. There are two interfaces on my computer: 'eth0' and 'lo'
I don't want to be able to configure firewall remotely, so could I use 'lo' as 'management interface'?
View 1 Replies
View Related
Aug 9, 2010
I am looking for a layer 7 firewall. I have to redirect rtmp requests for different hostnames coming at a gateway to internal servers at LAN at their respective hostnames.
Code:
IPTABLES some stuff -p rtmp -hostname to server 1
like that.
Or if not IPTABLES then some other feasible solution.
View 2 Replies
View Related
Feb 24, 2010
I've been setting up NIS for the first time. When I have the firewall on, the NIS client can't find the NIS server. When the firewall is off, it can. These are both on the same computer (the server).I have both the NIS client and server opened in the firewall -- all the setup has been done through yast so far.
Is there something else that needs to be done that I missing? Or if not, perhaps it just a minor setup bug in the scripts in which case could someone tell me what ports I would additionally need to open manually in the firewall to make it work that wouldn't already be opened?
On a different note, in a recent discussion on another thread someone told me that openSUSE was going to be unsupported from around May this year -- has anyone heard of this or should I just ignore it? I thought with 40k users registered on the website Novell would find something better to do with all of us rather that just drop us so I am a little skeptical.
View 9 Replies
View Related
Aug 1, 2009
I got 2 servers, each on different locations (server 1 and server 2). I want all traffic on server1 included web browsing, applications etc., be always going through server2, like a gateway. I want the traffic to be encrypted (maybe use VPN?) So if I browse, or any logs pick up ip adresses from applications used by server1, I want it to display the IP address from server2 (Might be the wrong way to say it).
I always wants server2 to act as an firewall and logserver that logs all the traffic. I was thinking about using Snort for IPS/IDS solutions and OpenVPN for the traffic, but what can I use as a firewall? Most firewalls I find on google has its own OS/Distribution. Maybe Squid for logs? But squid does not support much protocols. Distribution on both servers are updated Debian/Ubuntu based.
View 3 Replies
View Related
Oct 20, 2010
I'm trying to configure a messaging system based on php script with iptables, rsyslog and mysql. In the firewall server Sendmail is istalled so i'd like to use it to receive messages in the main mail server, located in DMZ. In the Lan i've configured another linux server than works perfectly, sending mail messages to the server located in DMZ. After looking for some solution I've tried to configure sendmail to relay mail to the server but the only thing I reached is the following message: "Deferred: Connection refused by mail.server.com" message rest on queue and flushing it reply
[Code]...
View 2 Replies
View Related
Jan 7, 2010
I have vsFTPd running on my server. If I connect via 127.0.0.1, then all is well and I can use the "ls" command to get a directory listing. However when trying this remotely, the FTP client hangs and I do not get a directory listing.
View 4 Replies
View Related
Feb 19, 2011
I am having trouble with yahoo audio/video voice calls. I am behind squid firewall on WAN. I have asked my IT Admin to open the audio/video ports. He have open the ports but still the audio/video buttons are disabled on chat window.
View 7 Replies
View Related
Jan 4, 2010
I wanted to set up a secure FTP server with proftpd so I can put some large files on the web for my pops. Here is my problem, I use a clearwire modem that won't allow you to change any of the settings but appears to have some pre-set firewalling capabilities. I also have a linksys wireless router connected to the modem. That firewall has all the port forwarding settings ready to go, and there hasn't been an issue with anything else, so here it goes.
I have a properly configured secure FTP setup with proftpd and the client app I'm using is Filezilla. I know it is configured right because I was able to use the FTP server via my LAN. Maybe my logic is wrong but, I was connecting to the FTP server at it's IP on the LAN of 192.168.1.5:21. If I wanted my pops to connect from out of state I would give him the ip the internet sees when I surf the web, right? Looks something like this 68.44.22.113. I should tell him to configure Filezilla to connect to 68.44.22.113:21. If my logic is wrong, please let me know, because when I try to do this I get an error that says connection refused by host.
View 13 Replies
View Related
May 9, 2011
Can we use iptables as firewall instead of Juniper firewall
View 2 Replies
View Related
Feb 23, 2010
I intend to set up a web site on a dedicated web server in colocation (containing nothing else except the server OS).Is it sufficient to make all files read only and use Apache mod_security or can a firewall offer extra necessary protection?
View 6 Replies
View Related
Apr 7, 2010
I've read tutorials and put together this IPTables firewall for my LAN fileserver. Appreciate any feedback you may have to offer:
Code:
*filter
# Flushes any current rules
-F
# Sets all default policies to DROP
-P INPUT DROP
-P FORWARD DROP
[Code]...
View 6 Replies
View Related
Jan 3, 2010
i have a server running vsftpd, and when i connect to it from the server itself using my externel ip address, everything checks ok, and i can browse files. but when i try to do the same on a windows computer on my network, this is what happens: [my externel ip is blocked out with x]
[Code]....
now mind you, my linux server is running from port forwarding from my router, which is connected to the main computer, and i have ssh and squid running as well. not sure if those two have any affect on the service. i think this is a problem with the firewall, because i have read somewhere that multiple ports need to be open for a passive ftp to work.
View 12 Replies
View Related
Mar 9, 2010
I have setup sshd_config for port 3210! I have difficult setup the iptables firewall to allow ssh on port 3210! i always enter this:
iptables -A INPUT -p tcp --dport 3210 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 3210 -j ACCEPT
but after i restart ssh, the system do not allow port 3210... why? do i forget something?
View 4 Replies
View Related
Jun 17, 2011
I wanted to implement a server for a small network, but am a bit in-experienced. The server that I want to use should be able to do load-balancing (two connections) and also act as firewall/proxy. And also it should be able to do some bandwidth management. The network that its going to serve has two parts. One part of the network should be served, say during day time,and the other during night time. The one that is going to be served at night-time should not have access to internet during day-time, but should have access to, say local mirror-server. I am a bit confused what software/hardware to use. I am planing to use EndianFirewall, but since I don't have experience, don't know if it can do all that I need (?).
View 1 Replies
View Related
Jan 27, 2011
Which ports should be open for a mail server for INPUT CHAIN? When I use firewall rules (allow just a few ports), some users complain that they're not receiving messages from other domains. When the firewall is disabled these ports show as open:
Code:
Not shown: 9987 closed ports
PORT STATE SERVICE
21/tcp open ftp
[code]....
Which ports should be enabled?
View 3 Replies
View Related
