Debian Clusters for Education and Research: The Missing Manual

Setting up Firewall Services

Because the firewall forwards SSH and other requests, security measures need to be set up in two places: the firewall and the head node. This is the bare-bones minimum for setting up a firewall; a more rigorous approach is highly recommended. Here, we will set up:

IPTables: DNAT/SNAT

Iptables is built into Debian and doesn't need to be installed. It needs to be configured on the firewall to forward requests between the Internet and the internal network (DNAT and SNAT). See NAT with IPTables for directions.

Fail2Ban

Fail2ban uses IPTables to stop brute-force SSH attacks. After a certain number of SSH attempts with a failed username or password, the IP address of the attacker is temporarily blocked from SSH for a certain amount of time. Because SSH requests are forwarded by the firewall to the head node, the head node needs to be set up with Fail2ban. See Fail2Ban: Preventing Brute Force SSH for directions.
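The counting rule described above can be traced over a few log lines. The following is an added example, not Fail2ban's own code or part of the original page; the thresholds, the host name "head", the year and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; the page does not give values.
MAX_RETRY = 3                      # failures that trigger a ban
FIND_TIME = timedelta(minutes=10)  # window in which failures are counted
BAN_TIME = timedelta(minutes=10)   # how long the address stays blocked

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample log lines (documentation address ranges, hypothetical host "head").
SAMPLE_LOG = [
    "Mar 13 10:00:01 head sshd[2101]: Failed password for root from 203.0.113.7 port 40022 ssh2",
    "Mar 13 10:00:04 head sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 40025 ssh2",
    "Mar 13 10:00:09 head sshd[2103]: Failed password for root from 203.0.113.7 port 40031 ssh2",
    "Mar 13 10:02:00 head sshd[2110]: Failed password for alice from 198.51.100.20 port 51000 ssh2",
    "Mar 13 10:30:00 head sshd[2140]: Failed password for alice from 198.51.100.20 port 51012 ssh2",
    "Mar 13 10:30:30 head sshd[2141]: Accepted password for alice from 198.51.100.20 port 51013 ssh2",
]

def find_bans(lines, year=2024):
    """Return (ip, ban_start, ban_end) for every ban the log lines would trigger."""
    recent = defaultdict(deque)    # ip -> timestamps of failures inside the window
    banned_until, bans = {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue               # accepted logins and other messages are not counted
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ts < banned_until.get(ip, datetime.min):
            continue               # address is already blocked
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FIND_TIME:
            window.popleft()       # forget failures older than FIND_TIME
        if len(window) >= MAX_RETRY:
            banned_until[ip] = ts + BAN_TIME
            bans.append((ip, ts, ts + BAN_TIME))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"{ip} blocked from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

The address that gets blocked is whatever source address sshd on the head node logs, so the forwarded SSH connections must arrive with the client's real address. If the firewall rewrote the source of inbound connections, every failure would be counted against the firewall's own internal address.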
