n00n
veteran member
in reply to Bjørgersson's message #20508
I'd rather write down here the ones I'm not sure about
Own Network:
We need to create a separate one to isolate us from other companies
It's more secure
All our servers will be in this network
Firewall Rules:
It's completely different than on xxx (previous company)
There are two interfaces
An internal and an external one (eth0, eth1)
You can edit the internal on the server, the external on the web interface
We need about 5-10 firewall rules only
On XXX we needed to configure the firewall on every machine.
Example Rule:
We can connect from anywhere on port 22 to every server that has the „server” tag
VPN:
We need a VPN server here as well
This allows us to communicate with the servers on the internal addresses
Need to enable masquerade in the VPN server's firewall (firewalld). It forwards the necessary IP addresses to the internal network
We will need two VPN accounts in the transitional period
New company:
YYY doesn't allow username/password authentication, we need SSH keys
It's more secure, but we need a policy for this
You can create an SSH key for just one server
Or you can add a key for all
Every user has a Linux user (sudo)
Thank you.