DSL as router
Forum: DSL Tips and Tricks
Topic: DSL as router
Started by: sputnik

Posted by sputnik on Oct. 10 2005,20:03
Hello all... I have just configured my DSL to act as a router with some VPN functionality... now all I need is for it to boot completely tight so that NO ONE has access to it. How can I do that?

Posted by AwPhuch on Oct. 10 2005,20:36
What did you use?? It should be locked down pretty good as long as you didn't open any IPTABLES entries directly into your DSL box.
Brian
AwPhuch

Posted by sputnik on Oct. 10 2005,23:28
OK... I didn't make myself clear... my apologies. What I mean is... since this box will be sitting there, acting as a router, I don't want anyone manipulating it from the console. Sudo and the dsl account make it VERY accessible for anyone wanting to play around to do... well... anything they want. So I'd like it to ask for a password when it boots... and yes, I want it to boot strictly from CD-ROM.

Posted by mikshaw on Oct. 11 2005,02:38
Boot with the "secure" option. During the boot process you will be asked to enter a password for root and dsl.
As far as I know, the default DSL setup does not allow remote connections unless you specifically allow it, so unless someone has local access to your machine you should be safe without a password.
Also, this is a forum for posting tips, not questions (quote: No 'help me' type posts please).

Posted by AwPhuch on Oct. 11 2005,14:40
If you want a solid and powerful "minimal" firewall then I would recommend the tried and true SmoothWall Express 2.0.
DSL is a great desktop distro but hasn't been proven or configured for total lockdown and safety as a firewall... thus trusting your network to that might not be the best idea! I however think if they did decide to tweak the rc.firewall.dsl and make a good howto/walkthru it could be used to lock down a DSL frugal to dang near impenetrable!
Brian
AwPhuch

Posted by adssse on Oct. 11 2005,14:51
I have been using the rc.firewall.dsl, but how secure is it really? I am using it because I want a firewall and it was available as an extension. I don't really know much about how or why it works, therefore I really like the idea of a howto/walkthrough.

Posted by AwPhuch on Oct. 11 2005,15:46
The rc.firewall script creates a very powerful "stateful" firewall... which means everything is allowed out from the inside, but everything from outside is blocked unless the traffic was "created" from the inside.
A good place to start would be the source, Linux Firewall and Linux Firewall :: Configuration. Look at the resources section... there are a lot of helpful links there...
In its default form the rc.firewall is more than enuff to protect any "stand alone" machine... but tweaking it further for internet sharing and port forwarding and stuff like that will take some reading. However, I'm absolutely positive with a bit of knowledge and some minor tweaking you could make DSL a very powerful and secure router (1st by taking away sudo and tightening other things down).
Plus by adding other simple mydsl apps such as snort (intrusion detection), squid (browser cache), and other nice firewall tools, DSL could be ready! Anyone want to work with me to take this a step further?!?
Brian
AwPhuch

Posted by adssse on Oct. 11 2005,16:34
Thanks for the info. I will check out the links and the other apps you mentioned.

Posted by AwPhuch on Oct. 11 2005,16:48
FYI
I helped a guy here in Houston at the HAL-PC group put rc.firewall on his webserver box (he was running an older version of Mandrake and wanted to make sure he was secure). We opened the standard web port for his webserver, FTP, SSH, and Samba share... We even ran rkhunter to ensure he didn't have a Linux trojan on there... all clean!!
rc.firewall is a very very powerful and smart script and with tweaking can be even more powerful... just be careful what you open, but on say a laptop or single desktop even the unmodified "stateful firewall" will protect you quite well! Think of it as Sygate Personal Firewall on steroids, but for Linux!
Brian
AwPhuch

Posted by adssse on Oct. 11 2005,22:16
Very cool, that makes me feel a bit more confident until I can learn more about it.
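
The "stateful" behaviour and the "be careful what you open" advice from the posts above, as an added example that is not part of the thread and is not the rc.firewall script: a small shell function that emits an iptables-restore ruleset which drops unsolicited inbound traffic, accepts replies to connections started from the inside, and opens only the TCP ports named explicitly. The function name `stateful_ruleset` and the sample ports are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not rc.firewall: print a minimal stateful ruleset
# in iptables-restore format. stateful_ruleset is a hypothetical helper.
# Usage: stateful_ruleset [tcp-port ...]    e.g. stateful_ruleset 22 80
# Uses the conntrack match; older iptables spelled this "-m state --state".

stateful_ruleset() {
    # Validate every port first so a bad argument emits no partial ruleset.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done

    printf '%s\n' "*filter"
    # Default policies: drop unsolicited inbound and forwarded packets,
    # allow everything this machine sends.
    printf '%s\n' ":INPUT DROP [0:0]"
    printf '%s\n' ":FORWARD DROP [0:0]"
    printf '%s\n' ":OUTPUT ACCEPT [0:0]"
    # Local processes talking over loopback.
    printf '%s\n' "-A INPUT -i lo -j ACCEPT"
    # The stateful part: replies to connections started from the inside.
    printf '%s\n' "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Packets that connection tracking cannot match to any connection.
    printf '%s\n' "-A INPUT -m conntrack --ctstate INVALID -j DROP"
    # Each deliberately opened service: only NEW connections to that port.
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' "COMMIT"
}
```

Piping the output to `iptables-restore --test` as root parses the rules without committing them, which is a safe way to check a change before it can lock you out.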

Posted by anon on Oct. 25 2005,22:32
What are you using for VPN?

Posted by AwPhuch on Oct. 27 2005,18:15
?? I wasn't using VPN...
I use SmoothWall Express 2.0 if I want VPN.
I use rc.firewall if I want to protect a single machine (like a personal firewall for Linux).
Brian
AwPhuch