Is a firewall needed?

As crazy as the question is, here are the grounds:
A. I need access to the system with ftp from any other system (yes, I haven’t spent enough time with the firewall)
B. Linux has a very secure password encryption system (Blowfish) and requires the password to give a thread access.
C. This would make an attack from the exterior hard to impossible (I think :\ ).

So is the Linux kernel able to protect itself without a firewall simply with its password security, or something else? Or would a non-firewall-protected server be completely vulnerable to every possible attack?

Does your router have a firewall? Then you don’t need to run your server with a firewall. Otherwise a firewall will always be necessary. Have you ever heard of a brute-force attack?

No, a firewall is not needed. It is fun to have kids from all over the world playing fun games within your computer.

</sarcasm>

At least your router should restrict the incoming ports allowed to those you absolutely need to let in. But let’s face it: if your computer is connected to the internet you HAVE to start the firewall. It will give you the opportunity to configure what you will allow to connect (e.g. some trusted networks only).

On Sat, 28 Nov 2009 17:36:01 +0000, ekosin wrote:

> As crazy as the question is, here are the grounds: A. I need access to
> the system with ftp from any other system (yes, I haven’t spent enough
> time with the firewall)

So, now it is a good time to learn how susefirewall2 works :)

> B. Linux has a very secure password encryption
> system (Blowfish) and requires the password to give a thread access.

True, but nothing is 100% fail-proof.

> C. This would make an attack from the exterior hard to impossible (I
> think :\ ).

Having a firewall is always a very good idea. If you take no measures,
what makes your system vulnerable is the fact that people can scan your
ports and they would get a response from you (or your running services).
So giving them a tip on what is enabled (or open) is not a very good
idea.

On the other hand, susefirewall2 (or any other firewall) gives you some
fancy logs about any suspicious activity.

> So is the Linux kernel able to protect itself without a firewall simply
> with its password security, or something else? Or would a
> non-firewall-protected server be completely vulnerable to every possible attack?

One of the best things about openSUSE is, precisely, its firewall
service. Take some time to get in touch with it (it is, by no means, an
easy task) and enable the service.

Greetings,


Camaleón
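An added example, not part of the thread or of any poster's reply: the reply above says a port scan gets an answer from whatever services are running, and this sketch lists those services from the host's own side by decoding `/proc/net/tcp` and keeping listeners that are not bound to loopback. The sample rows are constructed, the function names are hypothetical, and the address decoding assumes a little-endian (x86) host and IPv4 only.

```python
import ipaddress
import os
import socket
import struct

# Constructed sample in /proc/net/tcp format (not taken from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 0A01A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333 1
   3: 0A01A8C0:0016 0501A8C0:C350 01 00000000:00000000 00:00000000 00000000  1000        0 44444 1
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into ('a.b.c.d', port); assumes a little-endian host."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def listening_sockets(text):
    """Return (ip, port) for every row in LISTEN state, skipping the header row."""
    found = []
    for line in text.splitlines()[1:]:
        cols = line.split()
        if len(cols) >= 4 and cols[3] == TCP_LISTEN:
            found.append(decode_addr(cols[1]))
    return found


def reachable_from_network(text):
    """Listeners not bound to loopback; 0.0.0.0 means every interface."""
    return sorted(s for s in listening_sockets(text)
                  if not ipaddress.ip_address(s[0]).is_loopback)


if __name__ == "__main__":
    path = "/proc/net/tcp"  # IPv6 listeners live in /proc/net/tcp6 (not parsed here)
    text = SAMPLE
    if os.path.exists(path):
        with open(path) as fh:
            text = fh.read()
    for ip, port in reachable_from_network(text):
        print(f"{ip}:{port} answers connections from other hosts unless filtered")
```

Every line it prints is a service that a firewall rule either has to allow on purpose or should be dropping.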

Ah. That helps. It didn’t occur to me that currently running programs using ports would give a program access. That makes good sense.

I am not 100% sure about the router, but I will set up the firewall. Heh…it ain’t working right now. The ftp server is running but I cannot connect on both the same computer and my other computer. I need to do some research on ftp users too. Are they the same as Linux? But Google was created for a reason.

Thanks for the answers. It’s time to search for config files.

It may help to configure ftp access from the LAN first. You may even open the firewall for the inside world until it works. Then add restrictions as required. When everything is ok start configuring access from the outside.

Hmmm…Is it impossible to access a PC from its global IP address on itself (i.e. the server connects to itself via the global IP)? I can get local access but the global IP doesn’t work.

What is a global IP? As soon as it is up, your router receives an IP address from your internet provider on a temporary basis (around 60 days). Then, if you have a network set up to connect to the router, the router gives each of the computers an internal IP address which is not easily visible from outside (192.168.1.x).
Could you at least use sftp (secure ftp) instead of ftp? The reason is that it is a safer protocol.

Alternatives: in your internal network you can try to set up ssh (secure shell) as a first step to connect between any of your local computers. This opens an ssh tunnel (secure shell tunnel), and then you could say that you are very safe to move/copy files between them. Once you have it running in your local network with settings on the firewall and router, you can connect from outside your network to any of your internal network computers (connect from work to your home).
ssh is standard in openSUSE (and I think installed by default, cannot remember) and easy to set up in the firewall (sshd protocol). It is a bit trickier in Windows.
Try this link to learn about it and other things:
Linux HOWTOs and Tutorials: Suse Linux 10.0, 10.1 openSUSE 10.2, 10.3, 11.0, 11.1

And yes, you can ssh to your own machine.
Good luck!

So what you are saying is if my router has a firewall then there is no reason I should need to run one on my computer.

You are right. If there is a firewall on your router, you don’t need a desktop firewall.