Koozali.org: home of the SME Server

[SOLVED] PROBLEM to get SMEServer connected to LAN

Offline arne

Re: PROBLEM to get SMEServer connected to LAN
« Reply #15 on: September 07, 2008, 12:22:47 AM »
A few words about the security issue (as seen by me).

There are a few things and issues about running internet servers on a LAN (in a private home, not a business environment).

The first thing that can be hacked is the router itself. If this happens, the router can be configured by the attacker to forward packets and ports to any of the servers and workstations on the LAN. This traffic can be used for further attacks. It actually happens from time to time that users forget to set a proper password etc., so anyone can log into the router and take over control. There are actually surprisingly many routers that are open in this way, so anyone can reconfigure them. The same is also sometimes true for wireless networks; sometimes (and quite often) it is completely open so anyone can take over administrator control. Of course it is important that any logon access etc. works as it should, also for the wireless network, if any.

If a server is located on the LAN and "connected" to the internet via port forwarding, the server will normally be attacked on a regular basis through the open ports. SSH/port 22 is more dangerous to have open than many other ports. An open port 22 with a running ssh daemon behind it with user account / password logon will be attacked within hours, and brute force attacks will normally happen almost every day. If the port number is just changed to something quite non-standard like 21211, the number of brute force attacks will normally decrease to almost nothing. (Actually, I have had zero attacks during the last 6 months myself.)

Theoretically any server function can "fall" and be taken control of using traffic on the standard port, but it is not likely that it will happen. On the other hand, if a hacker should be able to take control of your Linux server, it can be a quite bad and powerful tool for making further attacks against your workstations, and it can be used for doing further attacks around the internet leaving your IP as the address.

To have a kind of second barrier, all workstations should have a firewall. Linux's or Windows XP's built-in one can be OK.

When the server is connected to the internet, it is a good idea to check the log from time to time. Most attacks will normally have to be built up over time, so there will be something in the log before anything really happens. If there is a firewall in front of the SME server, the more that is filtered in the first firewall, the easier the SME log will be to read.

To see what is actually happening and running on the server right now, the top command can be used. There is also a good and useful tool called iptraf that can be installed via yum. Using iptraf you can get a "here and now" picture of what traffic is flowing in and out of your server. There is also a port scanner tool called nmap. This can also be installed via yum. Doing "nmap localhost" you can see which ports your server is listening on.

A three port router with a DMZ is a lot more difficult to set up, and to get all server functions working like they should from the LAN and from the internet.

A double 2 port router setup is a lot easier to set up, and it gives somewhat better security for your workstations but not for your server.

Personally I think the main concern should be about taking care of the security of the server, and checking logs, traffic and activity from time to time. It will not give any increased security for the server to set it in a DMZ.

A double nat with dmz like this is quite easy to set up and configure:

Internet--Firewall/nat-router1--DMZ with servers ---Firewall/nat-router2---Lan with protected workstations

Of course, if you have an extra router, this can be done, but for a private home and "hobby use" I think this is not needed. The concern should rather be the server on the DMZ, which will not get any increased security at all.

So for a private home, I think locating the server on the LAN is quite OK. The important thing is to look in the log from time to time, and to see that it is the proper traffic and processes that are running.

Smoothwall is a quite OK firewall. If using Smoothwall it is quite easy to configure it in such a way that only approved source IPs have access to the server functions. This will make the log at the SME server almost empty and quite easy to read. If there are a thousand birds in the sky, it can be difficult to see the bad one. If the sky is normally empty, it's easy to see the bad one.

The Smoothwall firewall distro has automated configuration tools for 2 NIC, 3 NIC, and 4 NIC installations. (Internet-DMZ-Wireless-LAN)

By the way, SME 7.3 server in "server only" mode has a firewall, but it is configured for "a LAN environment". "iptables -L" will show it is running and give some info about the configuration.

Just some ideas. (As the main problem has been solved and the security issue was also mentioned.) 
« Last Edit: September 07, 2008, 12:29:02 AM by arne »
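As an added example (not from arne's post, and not part of SME Server itself), here is a small Python script of the kind one might use for the log check arne recommends: it parses sshd lines in /var/log/secure format, counts failed password logins per source IP, and flags the worrying case where a success follows a run of failures. The log lines, hostnames and addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the /var/log/secure format sshd writes on
# CentOS-based systems such as SME Server; hosts and addresses are invented.
SAMPLE_LOG = """\
Sep  7 00:01:12 sme sshd[4111]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Sep  7 00:01:15 sme sshd[4113]: Failed password for invalid user oracle from 203.0.113.7 port 51030 ssh2
Sep  7 00:01:19 sme sshd[4115]: Failed password for root from 203.0.113.7 port 51041 ssh2
Sep  7 00:01:22 sme sshd[4117]: Failed password for root from 203.0.113.7 port 51050 ssh2
Sep  7 00:01:25 sme sshd[4119]: Failed password for root from 203.0.113.7 port 51063 ssh2
Sep  7 00:01:40 sme sshd[4121]: Accepted password for root from 203.0.113.7 port 51071 ssh2
Sep  7 07:30:02 sme sshd[4300]: Failed password for arne from 192.168.1.20 port 40010 ssh2
Sep  7 07:30:09 sme sshd[4302]: Accepted password for arne from 192.168.1.20 port 40012 ssh2
"""

# Matches both "Failed password for ..." and "Accepted password for ...",
# with or without the "invalid user" prefix sshd adds for unknown accounts.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse_sshd(log_text):
    """Yield (result, user, ip) for every sshd password-auth line in the text."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("user"), m.group("ip")

def brute_force_report(log_text, threshold=5):
    """Per source IP: number of failed logins, and whether a successful login
    came after those failures. Only IPs that reached the threshold are returned,
    so the reader sees the few noisy sources instead of the whole log."""
    stats = defaultdict(lambda: {"failed": 0, "success_after_failures": False})
    for result, _user, ip in parse_sshd(log_text):
        if result == "Failed":
            stats[ip]["failed"] += 1
        elif stats[ip]["failed"] > 0:
            stats[ip]["success_after_failures"] = True
    return {ip: s for ip, s in stats.items() if s["failed"] >= threshold}

if __name__ == "__main__":
    for ip, s in brute_force_report(SAMPLE_LOG).items():
        flag = "SUCCESS AFTER FAILURES" if s["success_after_failures"] else ""
        print(f"{ip}: {s['failed']} failed password attempts {flag}")
```

On a real server the script would read /var/log/secure instead of SAMPLE_LOG; an IP showing a long run of failures followed by an "Accepted" line is the entry worth investigating first.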

Offline pfloor

Re: PROBLEM to get SMEServer connected to LAN
« Reply #16 on: September 07, 2008, 12:34:52 AM »
I'm locking this thread.

It started out as a user trying to figure out a simple network issue (that he has now solved by himself) and turned into a philosophical discussion about network security.

I'm sure if the OP wanted to know about network security, he would have asked.

In the future, let's all try to stick to the question posted by the OP and not hijack the thread with something the OP didn't ask about.

supafly1975, sorry you had to wade through tons of unrelated BS to get your problem solved. Next time I hope your experience is a bit easier.
In life, you must either "Push, Pull or Get out of the way!"