[TriLUG] LAN/WAN interface question
Jon Carnes
jonc at nc.rr.com
Mon Feb 16 11:54:08 EST 2004
On Mon, 2004-02-16 at 11:41, Jeremy Portzer wrote:
> On Mon, 16 Feb 2004, Mike M wrote:
>
> > I need to open one server on my LAN to an outsider. My Linksys
> > router appliance (BEFSR11) doesn't seem to be up to the job. I think
> > it's time to upgrade to Linux.
> >
> > Reqs:
> >
> > * Allow a certain static IP address to ssh to a single server. (This is
> > the requirement the appliance doesn't seem to support.)
>
> Even though the appliance may not support this option, you can certainly
> restrict which IP address can connect via ssh with iptables on the local
> server, and/or with the sshd configuration file. This single issue isn't
> really a reason to ditch the appliance IMO, but certainly setting up a
> Linux firewall/router would be a good exercise.
>
> --Jeremy

I agree with Jeremy. You can use the DMZ option of the Linksys router to
put this box in a DMZ, and then run a firewall on the box to limit the
access by IP.

Of course, you could also spend $30 on a used laptop or PC and run Linux
or OpenBSD and have a fantastic firewall that could let you do anything
you want.

Note: if you're passing through IPSec for VPN, then you'll want to use
OpenBSD and not Linux.

Jon Carnes
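
The host firewall suggested in this thread, sketched as an added example that is not part of the original messages: it prints an iptables-restore ruleset for the DMZ-exposed server that admits new ssh connections from one outside address only. The function names, the sample address 203.0.113.10 and the LAN subnet 192.168.1.0/24 are assumptions made for the example.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a DMZ-exposed host.
# Addresses are constructed samples (203.0.113.10 is a documentation address).

# Succeeds only for a plain dotted-quad IPv4 address.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds for ADDRESS/PREFIX with a prefix length of 0-32.
valid_cidr() {
    prefix=${1#*/}
    case "$prefix" in
        ''|???*|*[!0-9]*) return 1 ;;
    esac
    [ "$prefix" -le 32 ] && valid_ipv4 "${1%/*}"
}

# Print the ruleset: default-drop inbound, LAN traffic allowed,
# new ssh connections accepted from the single outside address only.
ssh_allow_ruleset() {
    allowed_ip=$1
    lan_cidr=$2
    valid_ipv4 "$allowed_ip" || { echo "bad source address: $allowed_ip" >&2; return 1; }
    valid_cidr "$lan_cidr" || { echo "bad LAN subnet: $lan_cidr" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $lan_cidr -j ACCEPT
-A INPUT -s $allowed_ip/32 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Stand-alone use: ./script ALLOWED_IP LAN_CIDR (defaults are the samples).
ssh_allow_ruleset "${1:-203.0.113.10}" "${2:-192.168.1.0/24}"
```

The output is only printed; review it and load it with `iptables-restore` on the server, keeping in mind that this replaces the existing filter table.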