OpenBSD home network - few remaining issues

From: sealinux@xxxxxxxxx
Date: 18 Dec 2005 16:00:27 -0800

Well, I got my OpenBSD server working behind an OpenBSD PF firewall.
On the server, I'm running fetchmail to get my email, qmail to deliver
it, and courier-imapd-ssl to view it remotely with my laptop. Also, my
server home directory is mounted on my Mac Mini workstation via NFS.

All is good, just would like some guidance on the following:

1. Since I have to mount the home directory with the -P2 option, it is
impossible to get OS X to automatically mount the home directory. I
have to login to the Mac Mini as root, mount it, and then I'm good to
go. How can I get these two to play nice?

2. My home directory is mounted global read/write behind the firewall.
This is not good practice, I know. How do I mount it such that it
will be read/writable via the Mac, but not to the rest of the world?
I'm thinking of permissions, exports, etc.

3. I cannot get Squirrelmail to work for love or money. The message I
keep getting is "connection dropped by IMAP server." Under Linux, it
worked beautifully, first try. What could be the cause?

4. Apache doesn't recognize "index.php" for some reason. If I type
the URL http://foo.bar.com/webmail/index.php, then Apache loads it, but
if I just type http://foo.bar.com/webmail/, Apache shows (!) a listing
of the Webmail directory. This is a major security hole, I know. How
can I patch it?

5. I want to block the script kiddie dictionary attacks at my SSH at
the firewall. I know there are scripts that track the number of login
attempts from a certain IP, but I would need to get this information
from my server to my firewall so it can be blocked. Alternatively, I
could also run PF on the server and do it that way, but I'd rather do
it at the firewall. Any ideas?

Any help would be appreciated.

.

Follow-Ups:
- Re: OpenBSD home network - few remaining issues
  - From: jKILLSPAM . schipper

Prev by Date: Re: OpenBSD 3.8 - changing DocumentRoot in Apache
Next by Date: Re: OpenBSD home network - few remaining issues
Previous by thread: OpenBSD 3.8 - changing DocumentRoot in Apache
Next by thread: Re: OpenBSD home network - few remaining issues
Index(es):
- Date
- Thread

Relevant Pages

Re: CEICW fails at firewall config
... Do you or do you not have ISA 2000 or ISA 2004 installed on the SBS server? ... Do you have 2 NICs in the SBS? ... CEICW fails on firewall configuration every time. ... >>> Call to Creating the protected networks access rule returned ok. ...
(microsoft.public.windows.server.sbs)
Re: Recycler security issues on IIS server
... > latest upates to the server. ... > like to see the server put behind our firewall, ... other software, install all patches, IISlockdown, URLscan, use the correct ... the procedures you follow may vary depending on your security needs. ...
(microsoft.public.inetserver.iis.security)
Re: ISA SERVER NOT STARTING
... I delete the nat/basic firewall and stop and started the RRAS an tried to ... There were no critical events in the DNS Server Log in the last 24 hours. ... An error occurred during logon ... Caller User Name: - ...
(microsoft.public.windows.server.sbs)
Re: For Microsoft Partners and Customers Who Cant Download or Access
... to reconfigure the firewall, but to use a static IP on your client ... and to make sure that the DNS server entries on the client are ... Microsoft for msdn2.microsoft.com. ... use a static IP and set the DNS server addresses to the DNS ...
(microsoft.public.dotnet.general)
RE: Is this as bad as it seems?
... The network being protected by the router or firewall is still vulnerable to ... > circumvented - the administrator has explicitly allowed HTTP traffic on ... this exploit has the effect of allowing the attacker to send *INBOUND* HTTP ... The HTTP server (located on the internal network or anywhere else that is ...
(Security-Basics)