Line 1: |
Line 1: |
− | ==Firewall==
| |
| The server manager is the GUI front end for the firewall. The firewall is modified automatically in response to changes you make in the configuration, such as enabling/disabling services, marking them public/private, forwarding ports, etc. | | The server manager is the GUI front end for the firewall. The firewall is modified automatically in response to changes you make in the configuration, such as enabling/disabling services, marking them public/private, forwarding ports, etc. |
| | | |
| If you wish to make changes beyond those provided for by the server manager, you can do so by setting DB records or providing custom templates. Only make these changes if you are sure you know what you are doing, '''incorrect settings will compromise security on your server.''' | | If you wish to make changes beyond those provided for by the server manager, you can do so by setting DB records or providing custom templates. Only make these changes if you are sure you know what you are doing, '''incorrect settings will compromise security on your server.''' |
| | | |
− | ===FAQs===
| + | ==FAQs== |
| *I want to have two WAN addresses; one for the SMESERVER and another that needs to be treated like a "Local Network". I can't set any address from the WAN subnet as a "Local Network". | | *I want to have two WAN addresses; one for the SMESERVER and another that needs to be treated like a "Local Network". I can't set any address from the WAN subnet as a "Local Network". |
| | | |
| This is intended behaviour as SMESERVER is secure by design. If you need to do something like this, you should know what you are doing and understand what to poke under the covers. | | This is intended behaviour as SMESERVER is secure by design. If you need to do something like this, you should know what you are doing and understand what to poke under the covers. |
| | | |
− | ===DB Settings===
| + | ==DB Settings== |
| *How do I allow public access to a service I've added to SME Server 7? | | *How do I allow public access to a service I've added to SME Server 7? |
| The procedure has changed and is now much simpler in SME Server 7. For this example the service you have installed is called 'manta' and 'nnn' is the TCP port number that needs to be opened. Watch your capitalization with the command below: | | The procedure has changed and is now much simpler in SME Server 7. For this example the service you have installed is called 'manta' and 'nnn' is the TCP port number that needs to be opened. Watch your capitalization with the command below: |
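Review bot: Removing the `==Firewall==` heading at the top of this hunk also removes the `#Firewall` section anchor, so any link from another page that targets that section will now land at the top of the page instead. The promotion of `===FAQs===` and `===DB Settings===` to level 2 keeps their anchors, since MediaWiki derives anchors from the heading text and not the level. Before saving, check "What links here" for section links to `#Firewall`. If the heading was dropped only because it repeats the page title, say so in the edit summary.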
Line 33: |
Line 32: |
| signal-event reboot | | signal-event reboot |
| | | |
− | ===Custom templates===
| + | ==Custom templates== |
− | ====Block incoming IP address====
| + | ===Block incoming IP address=== |
| *I want to block All traffic from some ip-addresses to my server. | | *I want to block All traffic from some ip-addresses to my server. |
| Create a custom template and list the IP's | | Create a custom template and list the IP's |
Line 52: |
Line 51: |
| iptables -L INPUT -v -n | | iptables -L INPUT -v -n |
| | | |
− | ====Block outgoing IPs or mac addresses====
| + | ===Block outgoing IPs or mac addresses=== |
| This section needs improvement. | | This section needs improvement. |
| | | |
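Review bot: The promoted heading `===Block outgoing IPs or mac addresses===` still has "mac" in lower case. Since the line is being edited anyway, write "MAC addresses", and consider matching the wording of its sibling `===Block incoming IP address===` (singular "IP address" versus "IPs"). Note that changing the heading text, unlike changing its level, changes the section anchor, so existing links to it would need updating. The section body still reads "This section needs improvement." and the heading now sits one level higher in the table of contents, which makes the stub more prominent on a page whose introduction warns that incorrect settings compromise security.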
Line 82: |
Line 81: |
| iptables -L | | iptables -L |
| | | |
− | ====Block outgoing ports====
| + | ===Block outgoing ports=== |
| *I want to block outgoing traffic from my server. | | *I want to block outgoing traffic from my server. |
| | | |
Line 115: |
Line 114: |
| /etc/init.d/masq restart | | /etc/init.d/masq restart |
| | | |
− | ====Bypass Proxy====
| + | ===Bypass Proxy=== |
| *You have Transparent Proxy enabled (the default) but want to allow this to be selectively bypassed. | | *You have Transparent Proxy enabled (the default) but want to allow this to be selectively bypassed. |
| | | |
Line 157: |
Line 156: |
| signal-event reboot | | signal-event reboot |
| | | |
− | ===Open Ports in Private Server/Gateway Mode===
| + | ==Open Ports in Private Server/Gateway Mode== |
| *I want to hide all ports, so I put my SMESERVER in PRIVATE SERVER/GATEWAY mode. I can still see some ports are open. | | *I want to hide all ports, so I put my SMESERVER in PRIVATE SERVER/GATEWAY mode. I can still see some ports are open. |
| | | |