[isf-wifidog] Multiple Gateway Administration

Leandro leandro at texnet.it
Fri 14 Dec 11:20:24 EST 2007


Tim Mitchell wrote:
>> SSH can be impossible to use when the gateway is behind a NAT and there
>> are no DNAT rules. An OpenVPN setup will solve this issue.
>>     
> or there are several gateways behind one firewall. OpenVPN it is then.
>
>   
>>> How do you keep an eye on usage?
>>>
>>>       
>> Nagios will be your friend.
>>     
>
> Thanks - will have a look at it.
>
>
>   
>>> I've blocked port 25 so hopefully this will help to stop any gateways
>>> being used to send spam. However this won't help if there are any open
>>> relays listening on a port other than 25.
>>>   
>>>       
>> I don't understand your problem. Please explain better.
>>     
> No real problem, just an observation using open SMTP relays as an
> example.
> I know of mail servers that listen on port 26 and others that listen on
> port 2525. So just blocking the standard port for a service you don't
> want to allow out of your network isn't necessarily going to work.
>
> Should this be a worry or should I just accept that an open network is
> open so should be open to all services (but then why do I block port
> 25?)
>
> thanks for your reply
>
>
> - Tim
>   
I understand your problem. You don't want your precious IP address used
to send SPAM either directly or via an open relay. Blocking outgoing port
25 will be a solution, but this will also block legitimate SMTP use.
Maybe you can filter the connection rate to port 25 (with iptables and
dstlimit) so sending SPAM will be too slow, but sending regular email
will be fine.


Leandro
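
The rate-limiting idea in the reply above, as an added example that is not part of the original post: a token-bucket limiter keyed by source address, a simplified model of what a per-address iptables rate match on port 25 does. The rate (2 new connections per minute), the burst (5), the addresses and the traffic are constructed assumptions.

```python
from collections import defaultdict
from fractions import Fraction


class PerSourceLimiter:
    """Token bucket per source address (simplified model of a rate match)."""

    def __init__(self, rate_per_min, burst):
        self.rate = Fraction(rate_per_min, 60)  # tokens refilled per second
        self.burst = burst                      # bucket size, full on first sight
        self.buckets = {}                       # src -> (tokens, last_seen)

    def allow(self, src, now):
        tokens, last = self.buckets.get(src, (Fraction(self.burst), now))
        # Refill for the elapsed time, never above the burst size.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        ok = tokens >= 1
        if ok:
            tokens -= 1  # each accepted new connection costs one token
        self.buckets[src] = (tokens, now)
        return ok


def simulate(events, rate_per_min=2, burst=5):
    """events: (second, source) pairs, one per new connection to port 25."""
    limiter = PerSourceLimiter(rate_per_min, burst)
    stats = defaultdict(lambda: {"accepted": 0, "dropped": 0})
    for now, src in sorted(events):
        stats[src]["accepted" if limiter.allow(src, now) else "dropped"] += 1
    return dict(stats)


def sample_events():
    # Constructed traffic over one hour:
    #   10.0.0.5 sends four mails, ten minutes apart (ordinary user)
    #   10.0.0.9 opens one SMTP connection every second (bulk sender)
    normal = [(t, "10.0.0.5") for t in (0, 600, 1200, 1800)]
    bulk = [(t, "10.0.0.9") for t in range(3600)]
    return normal + bulk


if __name__ == "__main__":
    for src, counts in sorted(simulate(sample_events()).items()):
        print(src, counts)
```

In this model the ordinary user never notices the limit, while the bulk sender gets the initial burst and then one connection every 30 seconds. Each accepted connection can still carry several messages, so the limit slows bulk sending rather than preventing it.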

