I'll give it a Go! Thanks for the advice!
-----Original Message-----
From: Aubrey Wells [mailto:[EMAIL PROTECTED]
Sent: Friday, November 02, 2007 9:12 PM
To: Justin Fletcher
Cc: Jaime A. Vargas; vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] basic router config. question

I agree. I usually turn off everything inbound, and everything outbound except http/ssl, pop3/smtp, and things like AIM/ICQ/Yahoo IM, then start opening stuff up as people complain about X not working.

For the inbound, unless you're hosting something like a web server, leave everything blocked except related/established. Maybe allow ssh to the vyatta box if you want to be able to remotely manage it. That should lock you down pretty well.

For the more adventurous among us, you can allow everything outbound, and block everything inbound except related/established.

------------------
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com

On Nov 2, 2007, at 6:49 PM, Justin Fletcher wrote:

> Frankly, I'd start with blocking everything on the WAN interface, then
> open up only those services you really need. It's otherwise a little
> disconcerting to see a thousand attempted logins from unknown users
> ;-)
>
> Make sure you enable TCP established so connections from the LAN are
> permitted back in, of course.
>
> Best,
> Justin
>
> On Nov 2, 2007 3:35 PM, Jaime A. Vargas <[EMAIL PROTECTED]> wrote:
>>
>> I am planning to configure vyatta VC3 for basic broadband usage in a
>> small business environment. Something like:
>>
>> LAN----------Vyatta----------WAN
>>
>> Nothing too fancy really, all I am missing from my current config are
>> the firewall rules. I followed the example in the KB to configure
>> blocking ICMP, what else do I need to block to achieve an acceptable
>> level of security? or does NAT take care of that already? I know this
>> is such a n00b question, but I am honestly trying, all those small
>> business routers out there just don't cut it.
>>
>> Advice?
>> thanx in advance
>> _______________________________________________
>> Vyatta-users mailing list
>> Vyatta-users@mailman.vyatta.com
>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users