Gone Paranoid: private IP to public IP!!

Juan Manuel Palacios yellowdog-general@lists.terrasoftsolutions.com
Sat Jun 29 23:52:01 2002


On Saturday, June 29, 2002, at 06:26  AM, Iain Stevenson wrote:

>
> I suggest, others may add ...
>
> - go through /etc/xinetd.conf and disable anything you don't need

	That sounds easy enough, I'll get right to it. Disabling the 
services I don't need ensures that the IP ports they bind to will be 
properly closed?

> - make sure tcpwrappers is correctly installed and that 
> /etc/hosts.allow and /etc/hosts.deny are configured correctly

	My knowledge about tcpwrappers is completely null. I don't know 
what it is (service, binary, protocol... ?), where in the filesystem it 
is or even what it is for. Any words that might enlighten me on this one 
please... ?

> - don't run nfs unless you need it

	Not doing it right now and wasn't planning on it for the future. 
Thanks for the warning anyhow.

> - install gShield or some other iptables based firewall script - this 
> can block high port access amongst other things

	gShield works over iptables, with its commands and syntax? I really 
want to give iptables a good shot.

>
> If you get to the stage in future where the ports for http and ssh are 
> externally accessible you may want to install the latest versions of 
> apache and ssh too.  You would also need to make sure that 
> sendmail/postfix/exim or whatever you use to send mail is configured so 
> as not to relay mail from external systems.

	No web or mail here for now (all of it hosted off site), even 
though the "on site" need for the latter may come earlier than expected. 
When I get to that crossroads I'll consider my options and security 
issues. As for now, all those services remain deactivated.

>
> HTH
>
>  Iain
>
>

	Thanks for your time and your valuable suggestions. Best regards,...


		Juan.
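
Added example, not part of the original message: a small shell audit for the first two checklist items quoted above. It lists xinetd service blocks that are not disabled and checks hosts.deny for a catch-all rule. The function names and sample files are constructed for illustration, and it assumes services are turned off with a per-service "disable = yes" line.

```shell
#!/bin/sh
# Print the name of every xinetd service block that is not disabled.
# xinetd treats a service as enabled unless its block says "disable = yes".
enabled_services() {
    awk '
        { sub(/#.*/, "") }                                   # drop comments
        $1 == "service" { name = $2; off = 0; next }         # block header
        name != "" && /^[ \t]*disable[ \t]*=[ \t]*yes[ \t]*$/ { off = 1 }
        name != "" && $1 == "}" { if (!off) print name; name = "" }
    ' "$@"
}

# Succeed if hosts.deny carries a catch-all "ALL: ALL" rule, so that only
# clients named in hosts.allow reach services protected by tcpwrappers.
has_default_deny() {
    grep -Eiq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL([[:space:]]|:|$)' "$1"
}

# Constructed sample input (not taken from any real host).
sample=$(mktemp -d)
cat > "$sample/xinetd.conf" <<'EOF'
service telnet
{
	disable     = no
	socket_type = stream
}
service ftp
{
	disable     = yes
}
# no "disable" line at all: xinetd will start this one
service time
{
	socket_type = stream
}
EOF
printf 'ALL: ALL\n' > "$sample/hosts.deny"

# On a real system: enabled_services /etc/xinetd.conf /etc/xinetd.d/*
enabled_services "$sample/xinetd.conf"        # prints telnet, then time
if has_default_deny "$sample/hosts.deny"; then
    echo "hosts.deny: default deny present"
else
    echo "hosts.deny: no ALL: ALL rule, wrapped services accept any client"
fi
```

Any service the first function prints is one xinetd will start and bind a port for, so the list should contain only what the machine actually needs.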