Koozali.org: home of the SME Server
Obsolete Releases => SME Server 8.x => Topic started by: madadam on July 23, 2012, 04:17:57 PM
-
Having built several SME 8 machines in Server-Only mode, I've observed that the masq service is running and a dump of iptables -l shows a few pages of active rules. This seems to suggest that SME 8's default is to have an active firewall in Server-Only mode despite documentation indicating otherwise:
http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter5#Option_3:_Server-only_mode
http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter2
Can a dev team member please confirm or deny my observation on the status of the firewall in Server-Only mode? I recall a discussion under SME 7 that addressed this question, and I believe that originally it was not the case but modifications were made to allow this behaviour.
Cheers,
Adam
-
madadam
IIRC in server only mode there is still some minor degree of "firewall" functionality, but it is only minimal, as deemed appropriate by the developers for additional security in that mode. There were some big long forum discussions involving arne from about 2 or more years ago that touched on this subject (amongst other posts).
You MUST still put a full-blown firewall between an SME server in server-only mode and the Internet. This could be an SME server in server and gateway mode or some other firewall device.
-
Hi Mary,
I do remember the discussion but can't seem to find it. I don't suppose you can provide a link to it if it's the same thread I'm thinking of.
Cheers,
Adam
-
Could one of the dev team members please take a moment to iterate the firewall/security functionality of SME Server 8 in Server-Only mode please?