
Nope, I might do that some time. It wouldn't hurt to try out many of these. Zentyal, Vyatta etc. I am mostly Cisco leaning but I find Vyatta to be equally refreshing. Regards.
On Sat, Sep 18, 2010 at 11:34 AM, Simon Mbuthia <simon.mbuthia@gmail.com> wrote:
Hi Anthony,
Have you tried Zentyal? I wish it were RedHat based... I'm thinking of installing it after working hours.
On 18 September 2010 11:24, Anthony Lenya <tlensya@gmail.com> wrote:
Hhhmmm! Interesting scenario you have there. Anyway, I use iptables and SELinux but I set the SELinux mode to permissive, that way it doesn't cause issues. I would also ask you to consider Vyatta or SmoothWall. These are open source distros that you can use as routers and firewalls.
Regards,
Lenya
On Sat, Sep 18, 2010 at 11:07 AM, Simon Mbuthia <simon.mbuthia@gmail.com> wrote:
Good points... but something that I was fearing has come to happen.
I got to the office this morning after disabling iptables yesternight to find that clients could not access the internet. On talking to guys at our ISP, they said that they could reach our public IP. We could not reach our firewall's gateway... right then I knew it was something to do with iptables... so I ran service iptables status and there were no rules in iptables. vi /etc/sysconfig/iptables showed that the rules were intact in the file, so I restarted iptables and enabled SELinux. But I noticed that every 6 or so minutes, iptables would fail again. I suspect that my Linux box could be compromised. I only had ports 22, 80 and stunnel listening at 20000 accessible from the outside world. So far I have added an entry to crontab that restarts iptables every 5 minutes while I "investigate". What could have happened to my iptables?
A concerned me....
On 17 September 2010 18:22, [ Brainiac ] <arebacollins@gmail.com> wrote:
I evaluated these and had a breeze of a time with ClearOS and pfSense, but as accurately indicated, iptables are as good as you set them.
On Friday, September 17, 2010, Nd'wex Common <flexycat@gmail.com> wrote:
@Simon
For starters, enabling SELinux will indeed give you some sleepless nights and would be best if you disabled it. The security of your system/network is dependent on how well you configure iptables.
Zentyal and other bundled network management systems, e.g. ClearOS [based on CentOS, also web-based interface], can be good admin products, but you need to fully understand what they can do and what they cannot with relation to your needs.
my thoughts
On Fri, Sep 17, 2010 at 3:50 PM, Simon Mbuthia <simon.mbuthia@gmail.com> wrote:
Hi guys,
I have been running a CentOS firewall for a few months, but it seems to me like the machine is possessed by something. All of a sudden no port is open from outside except ssh which I'd like to be accessible only from within my LAN. The problem is SELINUX. I'm a bit apprehensive about disabling SELINUX [and only use iptables] though I don't know what security risks I'd be exposing myself to by so doing - if any. Thanks to one skunkmaster Jangita, I have learnt about Zentyal, an Ubuntu/Debian-based ... thingie that comes bundled with a number of services [firewall, IDS etc] which can be administered thru a sleek web-based interface.
My question/s is/are: would it be safe for me to use iptables only and disable SELINUX? Is Zentyal formidable enough to use as a security solution for a small business network? And why does SELinux have to be such a pain in the neck???
Me.
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Server donations spreadsheet Skunkworks Server
Harambee <http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1fbjAwOUE&hl=en> ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Regards,
Collins Areba. Strategic Operations. Center for Renewable Alternatives Old Ferry Road, off Msa Malindi Rd, Kilifi, Kenya. +254 720 516758 +254 734 696821 skype/gtalk/twitter: arebacollins
*Solar *| * Wind *| * Waves * | * Biomass *
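Added example, not part of the thread and not any poster's code: before choosing between enforcing, permissive and disabled, it helps to see what SELinux is actually denying. This sketch tallies AVC denials per command, permission, object class and target type; the log lines are constructed samples in audit.log format, and the function names are hypothetical.

```shell
#!/bin/sh
# Tally SELinux AVC denials so the blocked operations are visible before
# SELinux is switched to permissive or disabled.
# On a live host, feed summarise_avc from /var/log/audit/audit.log instead.

# Constructed sample lines (assumption: not taken from the thread's machine).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1284790000.101:501): avc:  denied  { name_bind } for  pid=2101 comm="stunnel" src=20000 scontext=system_u:system_r:stunnel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1284790300.245:517): avc:  denied  { name_bind } for  pid=2188 comm="stunnel" src=20000 scontext=system_u:system_r:stunnel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1284790300.245:517): arch=c000003e syscall=49 success=no exit=-13 comm="stunnel"
type=AVC msg=audit(1284790420.008:530): avc:  denied  { read } for  pid=2230 comm="iptables-restor" name="iptables" dev=dm-0 ino=131 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Reads audit lines on stdin; prints "count comm perms tclass target_type",
# most frequent denial first. Non-AVC records are ignored.
summarise_avc() {
  awk '
    $1 == "type=AVC" && / denied / {
      comm = perm = tclass = ttype = "?"
      for (i = 1; i <= NF; i++) {
        if ($i == "{") {
          # Permissions are listed between "{" and "}"; join with commas.
          perm = ""
          for (j = i + 1; j <= NF && $j != "}"; j++)
            perm = perm (perm ? "," : "") $j
        }
        else if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
        else if ($i ~ /^tclass=/)   tclass = substr($i, 8)
        else if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
      }
      n[comm " " perm " " tclass " " ttype]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

sample_audit_log | summarise_avc
```

In the constructed sample, the repeated `name_bind` denial is a daemon binding a port its policy does not list, and the `read` denial is a rules file carrying the wrong label; both are fixable with a port or file label change rather than by turning SELinux off.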