Re: [LAD] [ot] - NEED some security advise PLEASE!

2009-02-15 Thread Arnold Krille
On Sunday 15 February 2009 00:43:17 Fons Adriaensen wrote: On Sat, Feb 14, 2009 at 11:55:13PM +0100, Julien Claassen wrote: 8226 ?Ss 0:00 sshd: unknown [priv] 8227 ?S 0:00 sshd: unknown [net] Just before that I only saw sshd [accept] and sshd [net].

Re: [LAD] [ot] - NEED some security advise PLEASE!

2009-02-15 Thread Frank Barknecht
Hello, Arnold Krille wrote: I have a script that filters the log-files for invalid user, extracts the IP and adds it to the RECENT table (which is used for blocking for five minutes). But some of these attackers have botnets which means a lot of IPs to be

Re: [LAD] [ot] - NEED some security advise PLEASE! + new question

2009-02-15 Thread Luis Garrido
I need to set up a machine as a router. One side is a fixed public IP address, the other side is a local net using 192.168.1.x. I want to give internet access to the machines on the local net, so this requires (AFAIK) NAT. Anyone has a pointer to a good tutorial about how to do this?

[LAD] Re : [ot] - NEED some security advise PLEASE! + new question

2009-02-15 Thread Sylvain HENRY
A weakly related OT question: I need to set up a machine as a router. One side is a fixed public IP address, the other side is a local net using 192.168.1.x. I want to give internet access to the machines on the local net, so this requires (AFAIK) NAT. Anyone has a pointer to a good

Re: [LAD] Re : [ot] - NEED some security advise PLEASE! + new question

2009-02-15 Thread Luis Garrido
I think you just need to enable ip_forward on the router: Necessary, but not sufficient. If you do just that without performing some kind of SNAT your router will deliver packets with private addresses to your provider, who will promptly throw them in the waste bin. L

Re: [LAD] [ot] - NEED some security advise PLEASE! + new question

2009-02-15 Thread Jörn Nettingsmeier
Luis Garrido wrote: I need to set up a machine as a router. One side is a fixed public IP address, the other side is a local net using 192.168.1.x. I want to give internet access to the machines on the local net, so this requires (AFAIK) NAT. Anyone has a pointer to a good tutorial about how

Re: [LAD] [ot] - NEED some security advise PLEASE! + new question

2009-02-15 Thread Steve Lindsay
On Sun, Feb 15, 2009 at 9:57 PM, Fons Adriaensen f...@kokkinizita.net wrote: A weakly related OT question: I need to set up a machine as a router. One side is a fixed public IP address, the other side is a local net using 192.168.1.x. I want to give internet access to the machines on the

Re: [LAD] [ot] - NEED some security advise PLEASE!

2009-02-15 Thread Arnold Krille
Hi, On Sunday 15 February 2009 11:39:09 Frank Barknecht wrote: Arnold Krille wrote: From my experience using key-logins only helps when you have only Linux users. Most Windows people don't really understand the concepts of security, public keys and such. True,

Re: [LAD] [ot] - NEED some security advise PLEASE! + new question

2009-02-15 Thread Kjetil S. Matheussen
Fons Adriaensen: ... And if it's a public server, I'd rather not have anybody logging in through ssh who is not capable of dealing with key logins. I disabled password logins through ssh on my public machines. That seems to be the best way to deal with it. A weakly related OT question: I

Re: [LAD] [ot] - NEED some security advise PLEASE! + new question

2009-02-15 Thread Luis Garrido
/sbin/rmmod ipchains /sbin/modprobe iptable_nat /sbin/modprobe ip_conntrack_ftp /sbin/modprobe ip_nat_ftp /sbin/iptables -F -t filter /sbin/iptables -Z -t filter /sbin/iptables -X -t filter /sbin/iptables -F -t nat /sbin/iptables -Z -t nat /sbin/iptables -X -t nat /sbin/iptables -P

Re: [LAD] [ot] - NEED some security advise PLEASE! + new question

2009-02-15 Thread Gene Heskett
On Sunday 15 February 2009, Fons Adriaensen wrote: On Sun, Feb 15, 2009 at 11:39:09AM +0100, Frank Barknecht wrote: ... And if it's a public server, I'd rather not have anybody logging in through ssh who is not capable of dealing with key logins. I disabled password logins through ssh on my