Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: EB on April 30, 2001, 07:42:06 PM
-
Hi,
Where do you actually get documentation on making configuration changes on the e-smith server? In the 4.1.2 release notes, point #2 says that public services can now be restricted to allow access only from the internal network. Where is the documentation that explains how to do that? I can't find it on the forums, or the manual. I went into the /home/e-smith/configuration file and added |access|private| to the httpd and mysqld lines, but when I scan my ports, port 80(http), 114(auth), 443(https) & 3306(mysql)
they still show open. I'm developing a php driven intranet page that I dont particularly want people to be able to access from the outside. Do I have to manually go alter the ipchains file or is there an easier way?
Thanks,
EB
-
I suspect you are referring to public enabling/disabling of ssh remote access, telnet access and ftp access? If so these are controlled from the e-smith-manager console under Security/Remote Access.
-
I'm referring to web services such as http and https
-
--So you want to restrict public acess simply change the permissions on the default site and dissallow ssh from the external network.
--This can be done via the web-manager (even in ssh!), however change the permissions may prove to require a bit of digging.
HTH
-
EB wrote:
>
> Hi,
>
> Where do you actually get documentation on making
> configuration changes on the e-smith server?
The devinfo mailing list is your best source of the latest technical/internal information. This is also distilled into documents on www.e-smith.org as time permits.
> In the 4.1.2
> release notes, point #2 says that public services can now be
> restricted to allow access only from the internal network.
> Where is the documentation that explains how to do that? I
> can't find it on the forums, or the manual. I went into the
> /home/e-smith/configuration file and added |access|private|
> to the httpd and mysqld lines, but when I scan my ports, port
> 80(http), 114(auth), 443(https) & 3306(mysql)
> they still show open.
Excellent research. Are you running in serveronly mode? If so, the ipchains rules are disabled. Serveronly mode is designed for use on a private, internal network, as discussed in the manual (www.e-smith.org/docs/manual).
If you are running in server-gateway mode, your changes should work as long as you perform an event which rebuilds the configuration files, in this case "/sbin/e-smith/signal-event remoteaccess-update".
However, given that you can see the MySQL port, I would guess you are running in serveronly mode.
> I'm developing a php driven intranet
> page that I dont particularly want people to be able to
> access from the outside. Do I have to manually go alter the
> ipchains file or is there an easier way?
/etc/e-smith/events/actions/disable-external-services
Please note that this program makes changes to the configuration database which are not currently reversible through the e-smith-manager (such as setting httpd-e-smith "access" to "private").
Gordon
-
Hi,
Thanks for the info I really appreciate it! I rebooted the server but forgot to trigger a rebuild of the config files. Thanks,
EB :)
-
I'm running in server & gateway mode, by the way. Depending on which site I go to to scan ports, I get slightly different results. The mySQL port shows up on 1 site so I thought I'd look into it anyway. Thanks,
EB :)