siliconshaman wrote in linux4all, 2010-06-05 05:26 am
plea for help
I have two problems.
1] I'm trying to secure my home server, which has a static LAN IP just outside the 1-100 range and is DMZ'ed.
Now it's running Lucid.. and for some reason I can't fathom, although the firewall is set to allow incoming connections on the SMB port, specifically mentioning the other computers on the LAN by host name... it won't let them connect. [In point of fact, they can't see the server.]
2] I can't get Tor to start... it's installed ok, but it's throwing the error unable to bind the listening port [9050] to the home address, suggesting that another instance of tor is using it.. but there is no other instance of tor running [I checked using htop]. If it's any help, the torrc file is blank, which I'm not sure it shouldn't be.
Any suggestions..I've been up all night and I'm brain fried. I can probably shut down the firewall and tor and revert to an open server.. but that's just asking some script kiddie to poke at it. I'd like to get it up and secure so that no-one but the three computers my family use can access the server, and the server uses tor to connect to the net. [and if possible works as a tor relay.]
But damned if I can see how to right now...I'm doing what it says in the instructions and it isn't doing what it should according to them.
no subject
If you're seeing that kind of behaviour, then somewhere, you or the firewall software screwed up the routing. You can have a look at how the kernel is routing using the route commands, or the ipchains command to view the Network Address Translation part of the Firewall. (if you go down this path, expect to do a lot of reading up about the commands).
Also, as a side point, it seems like a bit of an overkill to do a DMZ for a home network. Most home networks benefit from the assumption that if someone is inside your network, then they're probably inside your house, or hijacking your wifi. So it's far better to put stout locks on your doors, WPA encryption on your wifi and a good firewall on the internet end of your connection (between the server and the internet) and assume that your internal network is secure otherwise. So are you sure that a DMZ is really what you need? I also think a DMZ would be really hard to set up without using at least three computers (or one computer and two routers), and you sound like you're using just one.
no subject
I'll poke at it and see how I go on, but at least now I know where to start.
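
Added example, not part of the thread: the bind error on port 9050 in the original post concerns a listening socket rather than a process name, so one way to check it is to read the kernel's socket table and map the listening socket back to the process that owns it. The sample table is constructed, and the code assumes Linux, IPv4 only, and the little-endian address encoding that `/proc/net/tcp` uses on x86.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/tcp format (not from the poster's machine).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:235A 00000000:0000 0A 00000000:00000000 00:00000000 00000000   115        0 20481 1 0000000000000000 100 0 0 10 0
   1: 00000000:01BD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18022 1 0000000000000000 100 0 0 10 0
   2: 0100007F:C350 0100007F:235A 01 00000000:00000000 00:00000000 00000000  1000        0 30111 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def listeners(proc_net_tcp_text, port):
    """Return the LISTEN sockets bound to `port` as dicts (ip, port, uid, inode)."""
    found = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        addr_hex, port_hex = fields[1].split(":")
        if fields[3] != TCP_LISTEN or int(port_hex, 16) != port:
            continue
        # The address is a 32-bit value in host byte order (little-endian assumed).
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        found.append({"ip": ip, "port": port,
                      "uid": int(fields[7]), "inode": int(fields[9])})
    return found


def pids_for_inode(inode):
    """Find PIDs holding the socket inode; other users' processes need root."""
    target = "socket:[%d]" % inode
    pids = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        fd_dir = "/proc/%s/fd" % pid
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target
                   for fd in os.listdir(fd_dir)):
                pids.append(int(pid))
        except OSError:
            continue  # process exited, or its fd table is not readable by us
    return pids


if __name__ == "__main__":
    live = os.path.exists("/proc/net/tcp")
    table = open("/proc/net/tcp").read() if live else SAMPLE
    for sock in listeners(table, 9050):
        print(sock, pids_for_inode(sock["inode"]) if live else "(sample data)")
```

The `uid` column shows which account owns the listener, which helps when a process list filtered to one user shows nothing.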