Topic: An easy firewall management system

[arne]

I also normally run the sme server without monitor and keyboard. Use putty client on Windows for shell access and WinSCP for file management. Mac clients .. this were more difficult .. but Mac (today) is also "a Unix derivative" so it should exist a remote Linux shell. (??!!)

[arne]

Have never tried remote shell on Mac, but it's something here:
http://www.cs.vassar.edu/SysNews/ssh/unix.html

[arne]

Or .. this should work from the Mac as well (Java webclient based.)
http://www.oit.duke.edu/sa/security/ssh.html

[raem]

calisun

You can also access the command line of your headless sme server using a Putty ssh connection from your workstation to do configuration or updates etc.

[calisun]

arne
just to let you know, the link you provided for mindterm, uses old version 1.2.1, I connect fine to SME 6.5 but when I try to connect to 7.0 I get an error message: MindTerm does not support SSHv2 yet, enable SSHv1 compatibility in server

To get the latest version of MindTerm, 2.4.2 go to: http://www.appgate.com/products/80_MindTerm/110_MindTerm_Download/index.php

Runs great on Mac's and PC's

thanks

[berdie]

Hi,

you could use also a cool contrib by Darrell May calls webconsole. This contrib is a little bit older
and originally for SME 5.x, but is also working excellent under the 6.x-Versions.
Here is the link:
http://mirror.contribs.org/smeserver/contribs/dmay/smeserver/5.x/contrib/webconsole/dmc-mitel-webconsole-0.0.1-5.noarch.rpm

Rgds.
Dietmar

[arne]

By the way ..

According to my own arguments above a more sofiticated firewall controll should require som much more configuration tools so it should not be practical to implement to the server-manager panel.

But one thing that actually cold be implemented rather easy is lets say a 2 alternative choice:

A. Lan open mode, like today, with free access out.
B. Lan secure mode. Outgoing trafic restricted to web proxy and mail only (or possible some other basic functions.)

Personally I would never like to use such a "secure mode", at all, but there might be other users and other needs like for children and business environment with higher secuity requirements etc.

The firewalling part of such a mod should be rather easy. Dont know about the config-panel part of it.

I have used a modifyed sme gateway (5.6) with such a resticted "communication profile" it worked ok technically but the users (students) were not very happy about having just a few internt services available. (So it ended with "please open it again" and so we did.)

[prasann4u]

hi, i m green in linux world but as i know u can use chipondisk or usb drive insted of ide to make firewall onboard,
there is also one distribution called uclinux insted of standard pc u can install it on other devices....

inform me if u get proper solution...