However, in most cases, they'll have some sort of default security or firewall built
in. In all honesty, the security features built into common routing equipment are
extremely poor and most of them are easy to hack when someone wants to badly
enough. The point is that these devices have some sort of security to begin with
(regardless of how good or bad), whereas a custom internet gateway of your own
won't have any security at all until you add it.
When you set up an internet gateway, you'll want to pay special attention to setting
up the firewall, restricting access to SSH, using very strong passwords, keeping up to
date on security patches, and installing an authentication monitor such as fail2ban.
We'll get into those topics in Chapter 21, Securing Your Server. The reason I bring this
up now, though, is that if you do set up an internet gateway, you'll probably want to
take a detour and read that chapter right away, just to make sure that you secure it
properly.
Anyway, let's move on. A proper internet gateway, as I've mentioned, will have
two Ethernet ports. On the first, you'll plug in your cable modem or internet device,
and you'll connect a switch to the second. By default though, routing between these
interfaces will be disabled, so traffic won't be able to move from one Ethernet port
to the other. To rectify this, use the following command:
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
That's actually it. With that single command, you've just made your server into a
router. However, that change will not survive a reboot. To make it permanent, open
the /etc/sysctl.conf file in your editor:
sudo nano /etc/sysctl.conf
Look for the following line:
#net.ipv4.ip_forward=1
Uncomment the line by removing the hash symbol in front of it, and save the file.
With that change made, your server will allow routing between interfaces even
after a reboot. Of all the topics we've covered in this chapter, that one was probably
the simplest. However, I must remind you again to definitely secure your server
if it's your frontend device to the internet, as computer security students always
enjoy practicing on a real-life Linux server. With good security practices, you'll help
ensure that they'll leave you alone, or at least have a harder time breaking in.
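The following check is an added example, not part of the original text: it compares the live forwarding flag with the setting in a sysctl.conf-style file, so you can tell whether routing will survive a reboot. The function names persisted_ip_forward and forwarding_state are hypothetical, and only the single file edited above is inspected.

```shell
#!/bin/sh
# Added example (not from the book). Function names are hypothetical.
# Only the given file is parsed; drop-in files under /etc/sysctl.d are
# not consulted.

# persisted_ip_forward FILE
# Print the value of net.ipv4.ip_forward set in FILE, or nothing if the
# line is absent or still commented out. The last assignment wins.
persisted_ip_forward() {
    awk -F= '
        /^[[:space:]]*[#;]/ { next }           # skip comment lines
        {
            key = $1; val = $2
            gsub(/[[:space:]]/, "", key)        # tolerate "key = value"
            gsub(/[[:space:]]/, "", val)
            if (key == "net.ipv4.ip_forward") result = val
        }
        END { if (result != "") print result }
    ' "$1"
}

# forwarding_state RUNTIME_FILE CONF_FILE
# Classify the gateway as one of:
#   persistent      forwarding is on now and enabled in the config file
#   runtime-only    on now, but will be lost at the next reboot
#   pending-reboot  enabled in the config file, but not active yet
#   disabled        off now and not enabled in the config file
forwarding_state() (
    runtime=$(tr -d '[:space:]' < "$1")
    persisted=$(persisted_ip_forward "$2")
    case "${runtime}:${persisted:-unset}" in
        1:1) echo "persistent" ;;
        1:*) echo "runtime-only" ;;
        0:1) echo "pending-reboot" ;;
        *)   echo "disabled" ;;
    esac
)

# Run against the real files only when asked to: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    forwarding_state /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf
fi
```

A result of runtime-only means the echo command was run but the line in /etc/sysctl.conf is still commented out.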
From here, all you should need to do is attach a network switch to your other network
interface, and then you can attach your other wired Ethernet devices and wireless
access point to the switch. Now, Ubuntu Server is managing your entire network!
Next, we will ensure the clocks of our servers are up to date by setting up NTP.
Chapter 11