hi jakob,
thanks a lot for your help. Have deleted inetd, portmapper, and apache. All the
other stuff I don't have had installed. I thought about, that services like
nfs, samba, squid etc. are not recommended for a bastion.
But ... I never made a "portscan", because there was no need until now. Was
looking in the man pages, in the doc-files, but don't find such a thing. So
your help would be very welcome.
For mails, have I to use any mailagent on the bastion or not ? I have planned
an extra mailserver, so I think, it's not necessary to leave a mailagent on a
bastion-host. Am I right there ?
In one of my books, called "present within the internet" and "setting up a
firewall" I found recommends of about the following structure :
internet (router) <---> bastion
|
|
web-server ---------mail-server --------- ftp-server ---- (i.e)
|
|
internal firewall
|
|
Intra-net --- workstations --- workst...
My bastion have 2 ethercards, one with an official IP-address, the other one
with a privat IP-address. The webserver also have one privat IP-address and one
official address, mail- and ftp only have official addresses and last not
least the internal firewall has an offical and a privat address. Acting as a
gateway. Or is this a bad idea ? Should the ftp-server be a gateway between
the internal firewall and the official net ?
Thanks in advance for helping
bye hans schneidhofer
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
