Re: Firewall issues with setting up vsftp server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, Dec 11, 2004 at 11:58:24AM -0600, Terry Linhardt wrote:
> I might also add that your comments above about using dual NICS, turning 
> off iptables internally, etc. are all valid.  I'll just note that this 
> has become one of those issues in which I want to learn how to solve the 
> problem at hand, even though there are a couple of "work-arounds." 
> Sometimes I am just pragmatic, but I envision a need to solve this 
> problem for a "public" ftp server in the near future.


Planning ahead?  You're going to ruin your chances for promotion..  :-)

Management is only allowed to think its way out of the current crisis.
Planning ahead interferes with making the revenue numbers for the quarter... :-)

On a more serious note - I avoid becoming too dependent on the GUI style
config tools. They have two serious drawbacks:

#1 - Poor functionality: many of them (like Fedora's) are extremely
limited in what you can do with them. What I think you are calling
work arounds are actually the main tools intended to be used to manage
iptables. The GUI's are afterthoughts intended to allow non-sysadmins
to be able to use/configure firewalls in a minimal fashion.

(Note - I'm not saying don't use the GUI tools, just be aware of their 
deficiencies and be ready to work at a deeper level when needed).

(Note, there are some very serious tools designed for managing iptables
firewalls, look up IPCOP, shorewall and others, as far as I know, the
Fedora firewall GUI doesn't even have 5% of the capabilities those tools
have).

#2 - Distro specific.  Mostly, each Distro has their own GUI tool for
managing the firewall. So you have to learn a new GUI tools for each
different distro.  If you know how to manage the firewall directly
it won't matter which distro you encounter.  You can do it the same way
on all of them.

Example - how do you configure a time based change in the firewall using
the Fedora Firewall GUI tool? (Hourly, weekly, daily, monthly  etc..)

Is this a realistic example?  yes- had to something like this for a
medical firm.

(this can be done on all Linux system using cron, a shell script, and
the iptables command.)



-- 
Linux/Open Source:  Your infrastructure belongs to you, free, forever.
Idealism:  "Realism applied over a longer time period"
http://www.scaled.com/projects/tierone/
<a href=http://kinz.org>Kinz</a>
http://www.fedoratracker.org http://www.fedorafaq.org
http://www.fedoranews.org
Jeff Kinz, Emergent Research, Hudson, MA.
~
~
~
~
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux