December 10th, 2003, 04:41 AM
Best Way To Do It?
I need a bit of advice from all you networking gurus out there. I have a PC running Windows XP Pro that connects to the internet via ADSL. This PC is also networked to a much slower PC running Mandrake Linux.
I understand it is possible to share the connection on the XP machine to allow the Linux machine to access the internet, but my question is, is it possible to allow someone to connect via SSH or FTP to the Linux machine from the Internet?
December 14th, 2003, 07:31 PM
Probably not. Try nmap'ing your Windows machine remotely to see what ports are open.
Note that from a security point of view, you'd probably be better off putting the Linux box on the internet, configuring it to reject all incoming traffic, configuring IP forwarding, and then connecting the Windows box to it. This will give you a much more secure setup -- Windows runs with several ports open that can't easily be shut down. The recent Blaster worm exploited the RPC service running on one of these ports.
In case you were thinking it would be hard to make your Linux box reject all incoming traffic and do IP forwarding, this is how you do it:
# enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# allow traffic from already-established connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# drop all other incoming traffic on ppp0 interface
iptables -A INPUT -i ppp0 -j DROP
assuming that ppp0 is your public interface. It might take a bit of work to get your ADSL modem working on Linux, but there are HOWTOs and instructions out there for the most popular models.
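An added example, not part of the reply above: the reply's rules extended into a complete gateway ruleset in iptables-restore format, with the NAT and FORWARD rules that connection sharing needs and an optional rule admitting SSH to the Linux box, as the original question asks. The function name gateway_rules, the LAN interface name eth0 and port 22 are assumptions; ppp0 is the interface named in the reply.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a Linux box acting as
# the internet gateway. gateway_rules and eth0 are assumed names; ppp0 is the
# public interface named in the reply.
# Apply as root:  gateway_rules ppp0 eth0 22 | iptables-restore
# and enable routing with:  echo 1 > /proc/sys/net/ipv4/ip_forward

gateway_rules() {
    wan=$1        # public interface
    lan=$2        # interface facing the Windows machine
    ssh_port=$3   # optional TCP port to accept from the internet

    if [ -z "$wan" ] || [ -z "$lan" ]; then
        echo "usage: gateway_rules WAN_IF LAN_IF [SSH_PORT]" >&2
        return 1
    fi
    # Names and port are pasted into rule text, so reject anything unexpected.
    case "$wan$lan" in
        *[!A-Za-z0-9_.-]*) echo "invalid interface name" >&2; return 1 ;;
    esac
    case "$ssh_port" in
        *[!0-9]*|??????*) echo "SSH_PORT must be a port number" >&2; return 1 ;;
    esac
    if [ -n "$ssh_port" ] && { [ "$ssh_port" -lt 1 ] || [ "$ssh_port" -gt 65535 ]; }; then
        echo "SSH_PORT out of range" >&2; return 1
    fi

    # filter table: INPUT guards the gateway itself, FORWARD guards the LAN.
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    if [ -n "$ssh_port" ]; then
        # Must precede the DROP below: rules are evaluated in order.
        printf '%s\n' "-A INPUT -i $wan -p tcp --dport $ssh_port -m state --state NEW -j ACCEPT"
    fi
    printf '%s\n' "-A INPUT -i $wan -j DROP"
    # Only connections opened from the LAN, and their replies, are routed.
    printf '%s\n' '-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'
    printf '%s\n' "-A FORWARD -i $lan -o $wan -j ACCEPT" 'COMMIT'
    # nat table: rewrite LAN source addresses to the gateway's public address.
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]'
    printf '%s\n' "-A POSTROUTING -o $wan -j MASQUERADE" 'COMMIT'
}

# Print the ruleset when run as a script with arguments.
if [ "$#" -ge 2 ]; then gateway_rules "$@"; fi
```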