Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: jackl on May 02, 2005, 11:10:38 PM
-
Hi all,
Thanks to Ray Mitchell for the information below.
To set your server in Stealth mode, do:
grep masq /home/e-smith/configuration
masq=service|Logging|none|Stealth|no|pptp|yes|status|enabled
/sbin/e-smith/config setprop masq Stealth yes
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
/etc/init.d/masq restart
grep masq /home/e-smith/configuration
masq=service|Logging|none|Stealth|yes|pptp|yes|status|enabled
Ray, this works fine. However, as soon as a VPN connection is made, the Stealth mode property returns to "no".
I can't find the template fragment that is modified by /sbin/e-smith/expand-template /etc/rc.d/init.d/masq, so as to create a custom template. Or, anyway, is the VPN PPTP connection changing this using some other method?
Any ideas?
Regards
Jack
-
I'm no expert on this, but I guess the protocols that are being blocked by Stealth mode are needed for VPN to function; therefore Stealth mode gets disabled.
Is anybody else able to confirm this?
-
Ray,
Many thanks for your reply and your willingness to help.
Just to infuriate everyone else, we have many M$ ISA firewalls set up this way and they do not reset stealth mode after a VPN session. Can anybody confirm that stealth is still set to "no" after a VPN session on SME 6.0.1? If not, I will spend time investigating why not; it's just that I need confirmation from somebody else to justify the time.
Regards
Jack
P.S. I know that stealth mode is not the answer to everything, but it keeps away the amateurs most of the time.
-
I'm sure I had my server set to Stealth mode and when I looked again it was set to No (& I had been VPN'ing). I'll do a specific test later.
You could create a cron job to reset Stealth mode every hour as a workaround.
I don't think Stealth mode gives you any greater protection, it just makes the connection a bit quieter.
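The cron workaround suggested in the last reply, sketched as an added example that is not part of the thread: it re-applies the commands from the first post only when the property has drifted, and logs each reset so the timestamps can be compared with VPN session times. It assumes the record layout visible in the grep output above (type, then name|value pairs); the `--enforce` flag, the `CONFIG_DB` variable and the `stealth-check` log tag are made up for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Intended to be run hourly from cron
# with the (hypothetical) --enforce argument.

# Path of the flat configuration file, as shown in the first post.
CONFIG_DB="${CONFIG_DB:-/home/e-smith/configuration}"

# get_prop RECORD PROP: print the value of PROP from a record line such as
#   masq=service|Logging|none|Stealth|no|pptp|yes|status|enabled
# Assumed layout: field 1 is key=type, then alternating name|value fields.
get_prop() {
    printf '%s\n' "$1" | awk -F'|' -v want="$2" '
        { for (i = 2; i < NF; i += 2) if ($i == want) { print $(i + 1); exit } }'
}

# stealth_state FILE: print the Stealth value of the masq record, or
# "missing" when the file, the record or the property is absent.
stealth_state() {
    record=$(grep '^masq=' "$1" 2>/dev/null | head -n 1)
    value=$(get_prop "$record" Stealth)
    printf '%s\n' "${value:-missing}"
}

# enforce_stealth: do nothing when Stealth is already "yes"; otherwise log
# the drift and repeat the three commands from the first post.
enforce_stealth() {
    state=$(stealth_state "$CONFIG_DB")
    if [ "$state" = "yes" ]; then
        return 0
    fi
    logger -t stealth-check "masq Stealth was '$state', resetting to yes"
    /sbin/e-smith/config setprop masq Stealth yes &&
        /sbin/e-smith/expand-template /etc/rc.d/init.d/masq &&
        /etc/init.d/masq restart
}

# Only touch the firewall when explicitly asked to.
if [ "${1:-}" = "--enforce" ]; then
    enforce_stealth
fi
```

Because the firewall is restarted only when a reset was actually needed, the syslog entries double as a record of when the property changed.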