Davina Treiber wrote:
Matt Temple wrote:
1. What do you do, if anything, about the "service ports"?
For service ports, read "source ports". Very few sites write rules
based on source ports so usually this setting is irrelevant.
Davina,
Thank you. I'm setting this up in advance of moving some of the clients
into a DMZ. Information security will allow needed openings between DMZ
clients and the Networker server. Does /that/ interface need to know the
source ports (even if IPTABLES does not)? (Working with the information
security people here can be a lot like the movie "Brazil.")
But under any circumstances, I now probably have the right set of questions
to ask them. If I can get my server /and/ clients running with the right
IPTABLES settings, that should be the same information to pass to the
information security people.
Matt Temple
--
=============================================================
Matthew Temple Tel: 617/632-2597
Director, Research Computing Fax: 617/582-7820
Dana-Farber Cancer Institute mht AT research.dfci.harvard DOT edu
44 Binney Street, LW250 http://research.dfci.harvard.edu
Boston, MA 02115 Choice is the Choice!
To sign off this list, send email to listserv AT listserv.temple DOT edu and type
"signoff networker" in the body of the email. Please write to networker-request
AT listserv.temple DOT edu if you have any problems with this list. You can access the
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER