<<O>> Difference Topic LacieSystemSetup (5 - 07 Oct 2009 - Main.PetrMalat) |
<<O>> Difference Topic LacieSystemSetup (4 - 29 Sep 2009 - Main.PetrMalat) |
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
System setup | ||||||||
Line: 16 to 16 | ||||||||
Repeat this for all your users. | ||||||||
Changed: | ||||||||
< < |
Recommended softwareFTP server - vsftpdI tested various FTP servers in debian and the best results I've got with vsftpd.InstalationBecause vsftpd is included in debian, instalation is very simple:aptitude install vsftpd ConfigurationUPnP multimedia server - Media TombInstalationMediatomb is also included in debian:aptitude install mediatomb-daemon ConfigurationFile sharing: bittorent, donkey, gnuttela... - MLDonkeyInstalationConfigurationGUI: KMLDonkeyFirewall setupBridged connectionThis is situation, which I use, so the description is more detailed. My network configuration is shown below:switch WiFi _______ _____ ISP ----| VLAN1 | eth0 | | eth1 \|/ . . . . . . NTB1 | ~~~~~ |-------| br0 |--------| . . EDMini ----| | |_____| | . . . . | V | . . . . NTB2 PC1 ----| L | . | A | . PC2 ----| N | . Nokia N95 | 0 | PC3 ----|_______|I use switch which is able to tag packets according the incomming port. It is configured to distinguish between traffic from outside my network (ISP) and my home network traffic. All networks (vlan0, vlan1 and eth1) are bridged together, as my ISP provides enougth IP addresses. I consider my network secure as the wifi is protected by WPA2 and when someone is able to hack cable connection, he can also easily grabs the computers. Becouse some services I use doesn't support password protection, filtering is required. It can be done using ebtables. Command scheme is following: ebtables -I FORWARD -i __INCOMING_INTERFACE -p IPv4 --ip-protocol __PROTOCOL --ip-destination-port __PORT_NUMBER -j DROPwhere
ebtables -I FORWARD -i vlan1 -p IPv4 --ip-protocol tcp --ip-destination-port 2049 -j DROP Routed connectionIn case of routed connection, use iptables. Commands will looks like this:iptables -I FORWARD -i __INCOMING_INTERFACE -p __PROTOCOL --dport __PORT_NUMBER -j REJECTwhere
Filtering on EDMiniIf you want to do filtering on EDMini, use following command to reject all packets except these originating from __ALLOWED_IP:iptables -I INPUT -i __INCOMING_INTERFACE -s ! __ALLOWED_IP -p __PROTOCOL --dport __PORT_NUMBER -j REJECTwhere
Services protocols and port numbers
| |||||||
> > |
Continue with LacieRecommendedSoftware | |||||||
Added: | ||||||||
> > |
|
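Review bot: the replacement line `Continue with LacieRecommendedSoftware` names only the software topic, but the block removed here also held the Firewall setup section (the ebtables and iptables filtering rules and the service port list). A reader who finishes System setup gets no hint where the filtering steps went. Suggest naming firewall setup in the link text, or linking its new topic directly if it moved elsewhere.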
<<O>> Difference Topic LacieSystemSetup (3 - 25 Sep 2009 - Main.PetrMalat) |
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
Added: | ||||||||
> > |
System setupCreate users and groupsThe best for some services setup is to create users and groups with the same numbers as you use on the desktop. Use program id on your desktop to obtain UID and GID. For example, runnig id on my desktop returns:uid=1000(petr) gid=1000(petr) skupiny=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),111(netdev),115(powerdev),1000(petr)That means I have to create group petr with GID 1000: addgroup --gid 1000 petrAnd than user petr with UID 1000 in group petr: adduser --uid 1000 --gid 1000 petrRepeat this for all your users. | |||||||
Recommended softwareFTP server - vsftpd |
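Review bot: the opening sentence of Create users and groups says matching numbers is best for "some services" without naming them or saying what goes wrong otherwise. State which services rely on numeric UID/GID so readers know whether the step applies to them; the firewall example on this page filters port 2049, the NFS port, and NFS is the usual case where the numeric IDs must agree on both ends. The pasted `id` output is also localized (`skupiny=`); running it as `LANG=C id` would print `groups=` and match what most readers see.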
<<O>> Difference Topic LacieSystemSetup (2 - 24 Sep 2009 - Main.PetrMalat) |
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
Added: | ||||||||
> > |
Recommended softwareFTP server - vsftpdI tested various FTP servers in debian and the best results I've got with vsftpd.InstalationBecause vsftpd is included in debian, instalation is very simple:aptitude install vsftpd ConfigurationUPnP multimedia server - Media TombInstalationMediatomb is also included in debian:aptitude install mediatomb-daemon ConfigurationFile sharing: bittorent, donkey, gnuttela... - MLDonkeyInstalationConfigurationGUI: KMLDonkey | |||||||
Firewall setupBridged connection | ||||||||
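Review bot: all three Configuration headings (vsftpd, Media Tomb, MLDonkey) and the MLDonkey Instalation heading are added empty, so each service stops at `aptitude install` or earlier. Since the firewall section says some of the services in use have no password protection, the vsftpd part should at least say whether anonymous login is left enabled and which local users may log in. Otherwise drop the empty headings until there is content for them.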
Line: 19 to 42 | ||||||||
PC3 ----|_______| | ||||||||
Added: | ||||||||
> > | I use switch which is able to tag packets according the incomming port. It is configured to distinguish between traffic from outside my network (ISP) and my home network traffic. All networks (vlan0, vlan1 and eth1) are bridged together, as my ISP provides enougth IP addresses. | |||||||
Added: | ||||||||
> > |
I consider my network secure as the wifi is protected by WPA2 and when someone is able to hack cable connection, he can also easily grabs the computers. Becouse some services I use doesn't support password protection, filtering is required. It can be done using ebtables. Command scheme is following:
ebtables -I FORWARD -i __INCOMING_INTERFACE -p IPv4 --ip-protocol __PROTOCOL --ip-destination-port __PORT_NUMBER -j DROPwhere
ebtables -I FORWARD -i vlan1 -p IPv4 --ip-protocol tcp --ip-destination-port 2049 -j DROP | |||||||
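Review bot: the ebtables scheme matches `-p IPv4` only, so the same port reached over IPv6 is still bridged from vlan1 into the home network unfiltered. Add a matching `-p IPv6` rule using `--ip6-protocol` and `--ip6-destination-port`, or drop IPv6 frames arriving on vlan1 if IPv6 is not used. The example also covers tcp only; port 2049 needs a second rule with `--ip-protocol udp` if the service answers on UDP as well.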
Deleted: | ||||||||
< < |
Routed connection | |||||||
Added: | ||||||||
> > |
Routed connectionIn case of routed connection, use iptables. Commands will looks like this:iptables -I FORWARD -i __INCOMING_INTERFACE -p __PROTOCOL --dport __PORT_NUMBER -j REJECTwhere
Filtering on EDMiniIf you want to do filtering on EDMini, use following command to reject all packets except these originating from __ALLOWED_IP:iptables -I INPUT -i __INCOMING_INTERFACE -s ! __ALLOWED_IP -p __PROTOCOL --dport __PORT_NUMBER -j REJECTwhere
Services protocols and port numbers
| |||||||
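Review bot: in the Filtering on EDMini command, `-s ! __ALLOWED_IP` puts the negation after the option; iptables deprecated that form in favour of `! -s __ALLOWED_IP`, and newer releases warn about it. Suggest `iptables -I INPUT -i __INCOMING_INTERFACE ! -s __ALLOWED_IP -p __PROTOCOL --dport __PORT_NUMBER -j REJECT`. A single negated rule also cannot express more than one allowed host: for several, the chain needs one ACCEPT rule per address ahead of a plain REJECT for the port, and with `-I` (insert at the top) that means adding the REJECT first. The text should also say how the rules are kept across a reboot, for example by saving them with `iptables-save`.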
Deleted: | ||||||||
< < | -- PetrMalat - 24 Sep 2009 |