How to restrict use of network adaptors

Hello guys,
I'm now setting up a small home server, and at home we currently have the possibility of two different internet connections. I want to restrict one interface to SSH/SCP only (although I quite trust this connection, a public IP still seems like a risk to me) for accessing this machine from the outside internet, and use the second one for other things like browsing or downloading stuff (it's faster and somehow NATed, but on the other hand it's a community network, so there probably should be some restrictions to HTTP only or so).
Is there some not-so-hard way to do that? I use net-cfg, as one of the connections (the one I want to be SSH only) is wireless.
Also, I wonder whether the stock Arch network configuration is secure enough, or should I pay more attention to security settings? This machine is intended to store some data important to me.
Thank you very much in advance!

I'm not sure I understood everything right, but I can tell you some things.
There is no security in the network by default. If you have a direct internet connection, you should use a firewall to protect yourself from common attacks.
Also, if you plan to use SSH, it's recommended to disable password login and make use of keys.
For the community network, you might want to use an encrypted SOCKS tunnel. That way, nobody can sniff your data, and you'll be able to jump some firewall restrictions.
Concerning your question about restricting SSH to one interface, you could use iptables to drop all incoming connections on port 22 (or another) from the interface you don't want to use for SSH. I don't know any other way (I'm sure there is an easier one).
Last edited by sironitomas (2011-03-17 18:58:49)
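
The iptables approach suggested in the reply above, written out as an added example (not part of the original thread): a POSIX shell function that emits an `iptables-restore` ruleset accepting new inbound SSH only on one interface. The interface names `wlan0` (the public-IP wireless link) and `eth0` (the community network), and the helper names `valid_if` and `gen_rules`, are assumptions; it covers inbound IPv4 filtering only.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset (IPv4, inbound only).
# Interface names are assumptions; substitute the ones on your machine.

# Accept only plain interface names so nothing unexpected ends up in a rule.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# gen_rules SSH_IF OTHER_IF [PORT]
# Prints a ruleset that drops all unsolicited inbound traffic except new
# SSH connections arriving on SSH_IF. Returns 1 on invalid arguments.
gen_rules() {
    ssh_if=$1 other_if=$2 port=${3:-22}
    valid_if "$ssh_if" && valid_if "$other_if" || return 1
    [ "$ssh_if" != "$other_if" ] || return 1
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $other_if -p tcp --dport $port -j DROP
-A INPUT -i $ssh_if -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
```

The explicit drop on the second interface is already implied by the default-drop policy and is kept only to mirror the rule described in the reply. Check the output with `gen_rules wlan0 eth0 | iptables-restore --test` before loading it; IPv6 is filtered separately by `ip6tables`.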

Similar Messages

  • How can I use Guest network when my internal server provides the DNS?

    How can I use guest network when my internal server provides the DNS? The help article TS4505 tells me to enter an external DNS server, but I believe I can not configure my network that way...

    Apple assumes that you will be connecting the Time Capsule to a simple modem....and.....that the Time Capsule is configured as a router to provide DHCP and NAT services for the network.
    The Guest Network cannot be enabled correctly unless the Time Capsule is in charge of DHCP and NAT services on the network.
    Another way of saying the same thing is that the Guest Network will not operate correctly if the  Time Capsule is configured in Bridge Mode or DHCP Only.

  • I have bought a second-hand iPhone 4S which is locked on AT&T. How can I use another network's SIM on it, as I have shifted from the US?

    I have bought a second-hand iPhone 4S which is locked on AT&T. How can I use another network's SIM on it, as I have shifted from the US?

    Call AT&T and see if you meet their requirements for unlocking the phone.  If you don't, then you'll have to purchase a different phone entirely.

  • Using multiple network adaptors

    I have a network of Macs and PCs, and I want to set it up so I have my Macs able to access the net, but not the Windows machines. The PCs are just fileservers which don't need access to anything other than each other and the Macs. All machines are connected to each other by a switch; the Macs also connect with their AirPort adaptors to an ADSL router.
    If I put AirPort at the top of the network adaptors list to prioritise it, I can't access anything over built-in Ethernet. If I put built-in Ethernet at the top, I can't access the net. I assume it's because both 'work', so it doesn't move down the list to the next adaptor. I really need to get it working so the Macs will try to route over both network adaptors, so whether I'm using the internet or browsing the local network, either one or the other will make it work.
    I'd appreciate any advice. I am running 10.4 client and 10.4 server on the 2 Macs. Thanks.

    re:
    "Going the other way, I can connect to both 10.0.1.4 & 10.0.1.6 at the same time with the GO cmd from this wireless only machine."
    Yes, you're still going through the router, so the wired and the wireless adapters (yes, I just noticed I'd been spelling adapters wrong, oh well) are both connecting to the same thing, so pinging/GOing to both IPs will work. For me, my AirPort is connecting to a router, and my Ethernet to a switch. It doesn't work because they are connecting to 2 different networks.
    re:
    "Hmmm, just connected the other machines Airport to an outside network and still able to get the Local network via Ethernet... the second one down."
    You can connect to another wireless network, yes, but just getting onto another wireless network in itself isn't the problem; it depends on whether you can browse the other network or not, that's the trick. If you can while still connecting to the net through Ethernet, then that's what I need to be able to do. If you can, please let me know.

  • How can I use the network logon (VPN) as my default logon environment?

    Hi!
    I use my laptop only to connect to my work, but every time I need to switch the last local user and click on the Network Logon icon in the bottom right corner. How can I make the network logon my default logon environment?

    Hi,
    Logon process cannot be easily replaced, but if your concern is just to ignore it, we can use auto logon to bypass the manual logon process:
    Autologon for Windows
    http://technet.microsoft.com/en-in/sysinternals/bb963905.aspx
    Alex Zhao
    TechNet Community Support

  • How can I use local network outside the US

    How can I set up to use local networks of other countries?

    Make sure you have the 3G/4G model, if you're talking about that. To use it with a specific carrier you will also need the SIM card from that carrier, and you have to restore the device with the SIM card from that carrier in the device. Don't forget to back up and transfer purchases as well.

  • How do I use my networked HP Officejet to send a fax from my Macbook Pro?

    I have a Macbook Pro which I use in my office running OS X 10.7. We have a networked HP Officejet 6500 E710n-z. Ideally, I would like to be able to fax directly from Microsoft Word using this printer using the Fax PDF option. However, I cannot seem to figure out how to do this. Any help would be greatly appreciated.

    In order to send and receive a fax you need a fax machine connected to a phone line. What you are likely seeing is an efax. There are many efax services, some free. Efax allows you to send and receive faxes to your computer without using a fax machine or phone line. Using efax you can send a fax to a fax machine connected to a phone line.
    Do a search for efax.

  • How do I use 2 network cards?

    I want to use a wireless connection and a wired connection.  Each connection is on a different subnet, so they connect OK.  Wireless connection uses 192.168.182.XXX and the wired uses 192.168.1.XXX.  Wireless is primarily for internet browsing.  Wired connects to a server with nfs shares.  However, the wired connection seems to take over when they are both connected.
    How do I make the system use the wireless connection when browsing?  I have been toying with route.  Is this the right direction?
    Thanks

    I'm using networkmanager in kde 4.  I do want both interfaces to be running, so shutting one down won't help me.  A typical use might be listening to music over the ethernet connection to the nfs shared music, while browsing the internet through the wireless interface.  So I need to figure how to make that happen.
    As a side note, the reason for this is that my town provides internet access via an open wifi signal.  That is the only way I can connect to the net.  In fact, our entire town is on one LAN.  Small town ( 40 homes ) in the middle of nowhere.  Everything else I want to handle through my router.

  • How can I use multiple network connections concurrently?

    I'm using a Macbook, connected to a corporate network via Ethernet and to a private ADSL connection via Airport. What I want to be able to do is use the Airport connection for specific apps (Firefox, Safari, RDP etc) and the Ethernet connection for anything that needs to access any internal resources (Exchange etc).
    From what I've tried, the OS presents the primary connection (set via the Service Order configuration) to the application and nothing else. For example when Firefox is set to not use a proxy I can't access anything, unless the Airport is given priority. But when the Airport is set as the higher priority adapter via the Service Order then I can't access any of the internal network.
    Is there any way to work around this or am I stuck chopping and changing whenever I need to get out to the Internet directly?

    The highest priority service is the Internet connection. Anything that would go to the internet uses that service. However, you still should be able to access the internal network via Ethernet.
    For example when Firefox is set to not use a proxy I can't access anything, unless the Airport is given priority.
    That makes sense.
    But when the Airport is set as the higher priority adapter via the Service Order then I can't access any of the internal network.
    You should be able to at least access file servers.

  • How do I use a network solutions domain

    I registered a domain and would like to forward it to my iWeb acct. How do I do that?
    Thanks!

    You need to publish and upload your iWeb built site to a server and forward the domain name to that.
    http://www.iwebformusicians.com/iWeb/Publish-Website.html
    http://www.iwebformusicians.com/Search-Engine-Optimization/Upload.html
    http://www.iwebformusicians.com/iWeb/Website-Hosting.html

  • How do I install the network adaptor for Windows 7 with Boot Camp?

    How do I install the network adaptor for windows 7 with boot camp?

    boot camp forum: https://discussions.apple.com/community/windows_software/boot_camp 

  • Restrict use of multiple purchase groups in PR

    Hi All,
    How to restrict use of multiple purchase groups during creation of Purchase Requisition
    Thanks
    Diwakar

    set like _ material  grp assign to pur grp.
    but business need to accept it, normally wont . User authori is another approach provided that much user  license.

  • How to restrict PCs to logon one domain only

    I have multi domains environment. I have number of PCs that will be placed in common area that I would like to restrict the PC being allowed to logon my domain (A) only. How do I do that?
    I use GPO to set 'Default Logon Domain' but if users from other domain knowing how to do domain\username I think they would be able to logon.
    I can not apply 'Deny Logon Locally' because I don't have rights to other domains. I tried that and I tried to select Domain Users from other domain, I got denied.
    Is there a way to do it without interact with other domain admins? thanks.
    Thang Mo

    What is your domain controller? 
    There is a kb--->How to restrict use of a computer to one domain user only
    Solutions may be applicable.. 

  • Can use 4G network

    Hi,
    My SIM card, network provider and my Passport cell phone should support the 4G network, but I can't find the 4G section at "Settings -> Network and connections -> Mobile Network -> Network Mode". I could only see 2G, 3G, and 2G & 3G.
    How can I use the 4G network?

    funny, in my passport "network mode" does not appear at all thereby not allowing selection of any "G" ...I can only assume this is carrier specific (I have AT&T USA) & the hand-off from one "G" to another is handled by the tower to give the most efficient available... I have seen the 4G symbol from time to time depending where I lurk...
    10.3.1 SW .1779 OS .2726 WLAN .1.1 Radio .2727

  • Getting this message when trying to access our cameras, how to fix? This address is restricted This address uses a network port which is normally...

    Just installed Firefox for my boss, and ran into something I've not seen before. When trying to access our private camera system, that uses specific ports, I got this message: "This address is restricted - This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection."
    Cannot find a setting in Firefox to correct this problem. Please help.

    Hello,
    Can you please check if either of these links helps in the resolution of the issue:
    # [http://kb.mozillazine.org/Network.security.ports.banned.override Firefox ports override]
    # [http://blog.christoffer.me/post/2012-02-20-how-to-remove-firefoxs-this-address-is-restricted/ Remove Firefox this address is restricted error]
    Thank you
