<<O>>  Difference Topic LacieSystemSetup (1 - 24 Sep 2009 - Main.PetrMalat)
Line: 1 to 1
 
META TOPICPARENT name="LacieEDMiniV2"
Deleted:
<
<

Recommended software

FTP server - vsftpd

I tested various FTP servers in debian and the best results I've got with vsftpd.

Instalation

Because vsftpd is included in debian, instalation is very simple: 
aptitude install vsftpd

Configuration

UPnP multimedia server - Media Tomb

Instalation

Mediatomb is also included in debian: 
aptitude install mediatomb-daemon

Configuration

File sharing: bittorent, donkey, gnuttela... - MLDonkey

Instalation

Configuration

GUI: KMLDonkey

 

Firewall setup

Bridged connection

Line: 42 to 19
  PC3 ----|_______|

Deleted:
<
<		 I use switch which is able to tag packets according the incomming port. It is configured to distinguish between traffic from outside my network (ISP) and my home network traffic. All networks (vlan0, vlan1 and eth1) are bridged together, as my ISP provides enougth IP addresses.

I consider my network secure as the wifi is protected by WPA2 and when someone is able to hack cable connection, he can also easily grabs the computers. Becouse some services I use doesn't support password protection, filtering is required. It can be done using ebtables. Command scheme is following: 
ebtables -I FORWARD -i __INCOMING_INTERFACE -p IPv4 --ip-protocol __PROTOCOL --ip-destination-port __PORT_NUMBER -j DROP
where
  • __INCOMING_INTERFACE is where the ISP is connected - vlan1 in my case.
  • __PROTOCOL is transport layer protocol - tcp, udp, sctp etc.
  • __PORT_NUMBER is service port number
For example I can filter NFSv4 with following command: 
ebtables -I FORWARD -i vlan1 -p IPv4 --ip-protocol tcp --ip-destination-port 2049 -j DROP
 

Routed connection

Deleted:
<
<		 In case of routed connection, use iptables. Commands will looks like this: 
iptables -I FORWARD -i __INCOMING_INTERFACE -p __PROTOCOL --dport __PORT_NUMBER -j REJECT
where
  • __INCOMING_INTERFACE is where the ISP is connected.
  • __PROTOCOL is transport layer protocol - tcp, udp, sctp etc.
  • __PORT_NUMBER is service port number

Filtering on EDMini

If you want to do filtering on EDMini, use following command to reject all packets except these originating from __ALLOWED_IP: 
iptables -I INPUT -i __INCOMING_INTERFACE -s ! __ALLOWED_IP -p __PROTOCOL --dport __PORT_NUMBER -j REJECT
where
  • __INCOMING_INTERFACE is where the ISP is connected.
  • __ALLOWED_IP packets from this IP will not be rejected
  • __PROTOCOL is transport layer protocol - tcp, udp, sctp etc.
  • __PORT_NUMBER is service port number

Services protocols and port numbers

  • NFSv4: TCP 2049
  • UPnP Media Server (mediatomb):
  • SSH server (dropbear): TCP 22
  • MLDonkey Web Interface: TCP 4080
  • MLDonkey GUI Interface: TCP 4001
 

Added:
>
>

-- PetrMalat - 24 Sep 2009


ViewHistory: r5 | r4 < r3 < r2 < r1 • More