You are not logged in.

#1 2011-03-17 16:33:54

Jirrick
Member
Registered: 2011-03-17
Posts: 2

How to restrict use of network adaptors

Hello guys,

I'm now setting up a small home server and at home we have right now the possibility of two different internet connections. I want to restrict one interface only to SSH/SCP (although I quite trust this connection still public IP seems as risk to me) for accessing this machine from outer internet and use the second one for other things like browsing or downloading stuff (it's faster, somehow NATed, but on the other hand its community network so there probably should be some restrictions to http only or so).
Is there some not so hard way how to do that? I use net-cfg as one of the connections (the one I want to be SSH only) is done by wireless.
Also I wonder whether the stock Arch network configuration is secure enough or should I pay more attention to security settings? This machine is intended to store some data important to me.

Thank you very much in advance!

Offline

#2 2011-03-17 18:47:53

sironitomas
Member
From: Cordoba, Argentina
Registered: 2009-11-28
Posts: 174
Website

Re: How to restrict use of network adaptors

I'm not sure I understood everything right, but I can tell you some things.

There is no security in the network by default. If you have a direct internet connection, you should use a firewall to protect yourself from common attacks.

Also, If you plan to use SSH, it's recommended to disable password login and make use of keys.

For the community network, you might want to use a encrypted socks tunnel. That way, nobody can sniff your data, and you'll be able to jump some firewall restrictions.

Concerning to your question about restricting SSH to one interface, you could use iptables to drop all incoming connections in port 22 (or other) from the interface you don't want to use in SSH. I don't know any other way (I'm sure there is a easier one).

Last edited by sironitomas (2011-03-17 18:58:49)

Offline

#3 2011-03-18 21:40:52

Jirrick
Member
Registered: 2011-03-17
Posts: 2

Re: How to restrict use of network adaptors

thank you so much for this introduction, i guess i will sort it out somehow :-)

Offline

Board footer

Powered by FluxBB