From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-sysadm/2010-November/000546.html | 107 ++++++++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100644 zarb-ml/mageia-sysadm/2010-November/000546.html (limited to 'zarb-ml/mageia-sysadm/2010-November/000546.html') diff --git a/zarb-ml/mageia-sysadm/2010-November/000546.html b/zarb-ml/mageia-sysadm/2010-November/000546.html new file mode 100644 index 000000000..434ff0bc5 --- /dev/null +++ b/zarb-ml/mageia-sysadm/2010-November/000546.html @@ -0,0 +1,107 @@ + + + + [Mageia-sysadm] Installing firewall + + + + + + + + + +

[Mageia-sysadm] Installing firewall

+ Luca Berra + bluca at vodka.it +
+ Tue Nov 16 07:43:19 CET 2010 +

+
+ +
On Mon, Nov 15, 2010 at 08:23:11PM +0100, Olivier Thauvin wrote:
+>I don't want to say NFS is wonderfull, but being able launch "rpm -Uvh
+>libfoo*.rpm" saved my life so many time I really think having the tree
+>provided by NFS would be an advantage (even ro).
+
+nfs and automounter are an evil plan from sun to drive system
+administrator insane :)
+
+that said there is nothing better than that for sharing resources, and
+if thet are correctly configured they work flawlessly.
+
+>About the firewall part, why not simply allowing everything from ours IP
+>(the 4 or 5 servers we have) ?
+>I don't imagine this would be more risky than having php on our
+>server...
+
+i have a similar setup, where my frontend mail/web servers are hosted in
+a dc, in order to secure communication between those i just did:
+
+/etc/ipsec.conf
+spdadd X.Y.W.1 X.Y.W.2 any -P in ipsec
+         esp/transport//require
+         ah/transport//require;
+
+spdadd X.Y.W.1 X.Y.W.2 any -P in ipsec
+         esp/transport//require
+         ah/transport//require;
+
+/etc/racoon/psk
+X.Y.W.1 this_very_secret_string_you_no_guess
+X.Y.W.2 this_very_secret_string_you_no_guess
+
+/etc/shorewall/zones
+loc     ipsec   mode=transport
+
+/etc/shorewall/policy
+fw      loc     ACCEPT
+loc     fw      ACCEPT
+net     loc     NONE
+loc     net     NONE
+
+
+now i am sure that each host cannot be spoofed or intercepted.
+
+L.
+
+-- 
+Luca Berra -- bluca at vodka.it
+
+ + + + + + +
+

+ +
+More information about the Mageia-sysadm +mailing list
+ -- cgit v1.2.1
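Review bot: In the /etc/ipsec.conf block of the archived message, the two `spdadd` entries are identical (both read `spdadd X.Y.W.1 X.Y.W.2 any -P in ipsec`), so the text as committed shows a policy for one direction only. Because this is a verbatim list archive, the post should stay as sent. Anyone reusing the snippet should expect the second entry to mirror the first, with the two addresses swapped and `-P out`, so that traffic in both directions is required to use ESP and AH. The string in the /etc/racoon/psk lines is a placeholder from the post. Since the commit subject says this import publishes the list archives as static HTML, it is worth confirming that no archived message carries a real pre-shared key before the tree is served.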