Re: setting up lax security on one ethernet interface while leaving the other strict



On Thu, 25 Sep 2008, in the Usenet newsgroup comp.os.linux.networking, in
article <fba60a92-c1e2-4adc-84a9-5223220f49a8@xxxxxxxxxxxxxxxxxxxxxxxxxxx>,
dan wrote:

NOTE: Posting from groups.google.com (or some web-forums) dramatically
reduces the chance of your post being seen. Find a real news server.

> I have an Ubuntu (7.04) box with two ethernet interfaces.
>
> I would like to leave one of them secure, but make the other one very
> insecure --- maybe even allow telnet over it. (The insecure one is
> to be networked to one old computer for which I can't get a recent
> version of ssh.)

Rather limited details - but if you assume that the old system is the
only one on the "insecure" network (or you can tolerate someone
sniffing everything on that network), AND that the network cards
are such that the kernel will never make a mistake identifying which
one should be eth0 and which eth1, then there are several ways to
handle the problem. Perhaps the simplest technique would be two
firewall rules - one that allows connections to port 23 on IP address
$FOO, and the other that blocks access to all other addresses (which
should probably be the default rule). If you are running in.telnetd
out of xinetd, see if it will accept the "bind" option to tell xinetd
to only allow this on one receiving IP address.

Another option would be to not use networking at all, but run a
terminal on the serial port of the "server" and use some serial
application like minicom on the "client". See the
Remote-Serial-Console-HOWTO for details.

Old guy
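
The two network-side suggestions in the reply above (the pair of firewall rules and the xinetd "bind" option), sketched as an added example that is not part of the original post. The addresses, the interface name, the in.telnetd path, and the extra narrowing by source address and `only_from` are assumptions; the script only prints the rules and the stanza for review.

```shell
#!/bin/sh
# Added example, not from the original post. Addresses, interface name and
# the in.telnetd path are constructed placeholders; adjust before use.
FOO="${FOO:-192.168.10.1}"     # server address on the "insecure" NIC
PEER="${PEER:-192.168.10.2}"   # the old telnet-only machine
IFACE="${IFACE:-eth1}"         # interface facing that machine

# Accept only dotted-quad IPv4 so nothing else reaches the generated output.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# The two rules from the reply: allow TCP/23 addressed to $FOO (narrowed here
# to one interface and one source), then drop telnet to every other address.
telnet_rules() {   # usage: telnet_rules FOO PEER IFACE
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "bad address" >&2; return 1; }
    case "$3" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1;; esac
    echo "iptables -A INPUT -i $3 -p tcp -s $2 -d $1 --dport 23 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport 23 -j DROP"
}

# xinetd stanza that makes in.telnetd listen on $FOO only ("bind"), with
# only_from as a second check on the client address.
xinetd_stanza() {  # usage: xinetd_stanza FOO PEER
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "bad address" >&2; return 1; }
    cat <<EOF
service telnet
{
    disable     = no
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/in.telnetd
    bind        = $1
    only_from   = $2
}
EOF
}

# Print both for review; nothing is applied to the running system.
telnet_rules "$FOO" "$PEER" "$IFACE"
xinetd_stanza "$FOO" "$PEER"
```

Rule order matters: the ACCEPT has to be appended before the DROP, and `ss -ltn` (or `netstat -ltn`) should afterwards show port 23 listening on the bound address only, not on 0.0.0.0.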