Ubuntu-Server 6.10 Firewall System Installation

Next edit /etc/ppp/options. It should look like this:

    lock

Now do:

    touch /etc/ppp/options.pptpd

Now edit /etc/ppp/options.pptpd. It should look like this:

    lock
    ms-dns 192.168.1.1
    ms-wins 192.168.1.1
    domain your.domain.here
    debug
    name pptp-vpn
    auth
    proxyarp
    refuse-pap
    refuse-chap
    refuse-mschap
    require-mschap-v2
    require-mppe-128
    chapms-strip-domain
    lcp-echo-failure 10
    lcp-echo-interval 30
    nobsdcomp

Next, edit /etc/ppp/chap-secrets. It should look like this:

    # Secrets for authentication using CHAP
    # client        server          secret          IP addresses
    user            pptp-vpn        abcdefg         "*"

Now do:

    /etc/init.d/pptpd restart

You should now be able to set up a VPN connection from the inside of your firewall as "user" with password "abcdefg" (without the quotes). Change this initial username and password and add some users, if you like. Maybe you'll have to reboot some machines to make it work.

Now open your firewall for VPN connections. To do this, set your /etc/shorewall/rules as shown. My /etc/shorewall/rules at this time:

    #############################################################################################################
    #ACTION         SOURCE          DEST                    PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/
    #                                                               PORT    PORT(S)         DEST            LIMIT           GROUP
    #
    #       Accept DNS connections from the firewall to the network
    #
    ACCEPT          net             $FW                     tcp     25
    ACCEPT          net             $FW                     tcp     443
    ACCEPT          net             $FW                     tcp     993
    ACCEPT          net             $FW                     udp     6277
    DNAT            net             loc:192.168.1.1         tcp     1723
    DNAT            net             loc:192.168.1.1         47
    DNS/ACCEPT      $FW             net
    #
    #       Accept SSH connections from the local network for administration
    #
    SSH/ACCEPT      loc             $FW
    #
    #       Allow Ping from the local network
    #
    Ping/ACCEPT     loc             $FW
    #
    # Reject Ping from the "bad" net zone.. and prevent your log from being flooded..
    #

To complete this step, do:

    /etc/init.d/shorewall restart

So now your customers will be able to do their job at home as well.
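A quick check of the PPTP setup above, added here as an example (it is not part of the original tutorial). It reports required directives missing from options.pptpd, accounts in chap-secrets that still use the initial "user" / "abcdefg" values, and a chap-secrets file that group or others can access. The function names and the `--run` switch are made up for this example, and the mode-600 expectation is an assumption based on the file holding plaintext secrets.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Audits the two PPTP files edited above; paths can be passed in for testing.

# Directives from the tutorial that force MS-CHAPv2 with 128-bit MPPE.
REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# Print each required directive that is absent or commented out.
missing_options() {
    for opt in $REQUIRED; do
        grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$1" || echo "$opt"
    done
}

# Print accounts that still use the tutorial's initial name or secret.
weak_secrets() {
    awk '
        /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
        { gsub(/"/, "") }            # fields may be quoted
        $1 == "user"    { print $1 ": initial username from the tutorial" }
        $3 == "abcdefg" { print $1 ": initial secret from the tutorial" }
    ' "$1"
}

# Succeed only if group and others have no permissions (for example mode 600).
private_file() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all checks; return 0 when clean, 1 when anything was reported.
audit_pptp() {
    opts=${1:-/etc/ppp/options.pptpd}
    secrets=${2:-/etc/ppp/chap-secrets}
    rc=0
    for opt in $(missing_options "$opts"); do
        echo "$opts: missing $opt"; rc=1
    done
    found=$(weak_secrets "$secrets")
    [ -z "$found" ] || { echo "$found"; rc=1; }
    private_file "$secrets" || { echo "$secrets: accessible to group or others"; rc=1; }
    return $rc
}

# Run against the live files only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then audit_pptp; fi
```

Run it as root after every change to the PPTP files; a non-zero exit status means something was reported.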
Note that offering VPN access like this only makes sense when your server has a reliable broadband connection to the internet, which in The Netherlands is the de facto standard, even for very tiny offices and most home addresses. In this respect we are way ahead of the rest of the world.

Next do:

    cd /root
    wget http://surfnet.dl.sourceforge.net/sourceforge/clamav/clamav-0.88.6.tar.gz

Like before, pick a mirror close to you.

    groupadd clamav
    useradd -g clamav -s /bin/false -c "Clam Antivirus" clamav
    tar -zxvf clamav-0.88.6.tar.gz
    cd clamav-0.88.6
    ./configure --sysconfdir=/etc
    make
    make install
    touch /var/log/freshclam.log
    chmod 600 /var/log/freshclam.log
    chown clamav /var/log/freshclam.log

Now edit /etc/clamd.conf. Comment out "EXAMPLE" (without quotes). Next do the same in /etc/freshclam.conf.

Next do:

    /usr/local/bin/freshclam

Now make this a cron job and run it every hour. Preferably not on the hour or anywhere near, as the clamav servers will be flooded when everybody does so. Choose a smart time for this job. The service is absolutely FREE! Let's keep it that way.

    /etc/init.d/mailscanner restart

Now I want to do some perl jobs. If you actually use the ancient hardware I did to make this tutorial, be advised that it is going to take some time. Note that you can do without this, for starters. You may wish to schedule this job for some time soon. If you choose so, you are DONE!

Alternatively go all the way right now and do:

    perl -MCPAN -e shell

Accept all defaults, except for the question where you can answer "UNINST=1" (without the quotes). I think it is best to actually do UNINST=1. Now do:

    install ExtUtils::CBuilder
    reload cpan

The "reload cpan" command should be given right after each step in the cpan shell. Better safe than sorry. I only mention this once.

    install ExtUtils::MakeMaker

As a result of the next commands you will be asked some questions. Just hit "enter" in all cases.
    install Bundle::CPAN
    install Bundle::LWP
    install Mail::ClamAV

Now leave the cpan shell:

    q

    /etc/init.d/mailscanner restart

Now clean your /root directory. That's where all the downloads went.

Warning!!! Don't install Mail::SpamAssassin from cpan alongside the Ubuntu spamassassin package, as it will break your system. No more rules du jour, and the rules, my friends, that's what it is mostly about!