Posted by Moe Trin on January 30, 2005, 6:30 pm
>I have a box set up with Smoothwall on it. I also have Servers Alive
>running on my home network. I use Salive to check other boxes,
>services and my cable connection. I have it checking the Smoothwall
>box, ping to see the box and a URL check of the first page on
>Smoothwall, so I know that the box is up and running.
I don't use Smoothwall (disagreement with them years ago), and don't run
a web server on the firewall, but your concept is fine.
>Does Smoothwall have any ports that can be checked??
What are you running on the firewall, and what rules have you got to
protect it? Our firewall does not accept ANY connections from the
outside or DMZ, and only accepts SSH from a few specific workstations
on the inside network. All other internal connections are rejected. Mail,
DNS, FTP, web services and the like _pass through_ the firewall as needed,
but the firewall itself has only that one SSH server running, and even that
is on a non-standard port number for additional security. The firewall is
permitted to initiate connections to the INTERNAL DNS servers and to the
log server (system and firewall logs go to a central log server and to a
printer in addition to /var/log/*). To see that the firewall is up and
running properly, we merely check the firewall log on the log server.
There's more than enough 31337 skript kiddiez and Loosedoze worms out there
stroking ports for us to know that we have connectivity. We only log
attempts to connect to one less commonly used port on the firewall, and
that's enough to run through half a box of continuous feed paper in a month.
I'd hate to think how fast we'd go through a box if we bothered to log all
attempts to connect to the firewall.
Old guy
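The policy the reply describes (nothing accepted from the outside or the DMZ, SSH only from a few inside workstations on a non-standard port, everything else from the inside rejected, the firewall itself allowed to reach only the internal DNS and log servers, and probes of one rarely used port logged) written out as an iptables script. This is an added example, not code from the post or from Smoothwall; the interface names, addresses and port numbers are assumptions, and the rate limit on the LOG rule is my addition so that a port sweep cannot bury the log server or its printer.

```shell
#!/bin/sh
# Added example (not from the original post): iptables rules for the policy
# described in the reply. Interface names, addresses and ports are assumed.
set -eu

IPTABLES="${IPTABLES:-/sbin/iptables}"   # set IPTABLES=echo for a dry run

EXT_IF="eth0"                            # assumed: Internet-facing interface
DMZ_IF="eth1"                            # assumed: DMZ interface
INT_IF="eth2"                            # assumed: inside network interface
ADMIN_HOSTS="192.168.1.10 192.168.1.11"  # assumed: workstations allowed to SSH
SSH_PORT=2222                            # assumed: non-standard SSH port
DNS_SERVERS="192.168.1.53"               # assumed: internal DNS resolver(s)
LOG_SERVER="192.168.1.20"                # assumed: central syslog host
CANARY_PORT=1024                         # assumed: the one port whose probes are logged

apply_firewall() {
    # Default deny for traffic to and from the firewall itself.
    # (The FORWARD chain, i.e. what passes through, is out of scope here.)
    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -F INPUT
    $IPTABLES -F OUTPUT

    # Loopback, plus replies to connections the firewall itself initiated.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -j ACCEPT
    $IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Log probes of one rarely used port from the outside, rate-limited so a
    # sweep cannot flood the log server. This rule must precede the DROP.
    $IPTABLES -A INPUT -i "$EXT_IF" -p tcp --dport "$CANARY_PORT" \
        -m limit --limit 10/minute --limit-burst 20 \
        -j LOG --log-prefix "FW-PROBE: "

    # Nothing from the outside or the DMZ reaches the firewall itself.
    $IPTABLES -A INPUT -i "$EXT_IF" -j DROP
    $IPTABLES -A INPUT -i "$DMZ_IF" -j DROP

    # SSH only from the listed inside workstations, on the non-standard port.
    for h in $ADMIN_HOSTS; do
        $IPTABLES -A INPUT -i "$INT_IF" -s "$h" -p tcp --dport "$SSH_PORT" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
    # Everything else from the inside is rejected rather than dropped, so
    # internal hosts get an immediate error instead of a timeout.
    $IPTABLES -A INPUT -i "$INT_IF" -j REJECT --reject-with icmp-port-unreachable

    # The firewall may initiate only DNS lookups to the internal resolvers
    # and syslog to the log server.
    for d in $DNS_SERVERS; do
        $IPTABLES -A OUTPUT -o "$INT_IF" -d "$d" -p udp --dport 53 -j ACCEPT
        $IPTABLES -A OUTPUT -o "$INT_IF" -d "$d" -p tcp --dport 53 -j ACCEPT
    done
    $IPTABLES -A OUTPUT -o "$INT_IF" -d "$LOG_SERVER" -p udp --dport 514 -j ACCEPT
}

# Run as root with "apply" as the first argument to load the rules;
# run with IPTABLES=echo to review the generated rules first.
if [ "${1:-}" = "apply" ]; then
    apply_firewall
fi
```

Review the output of a dry run (`IPTABLES=echo sh firewall.sh apply`) before loading it on a box you can only reach over SSH: with the OUTPUT policy at DROP and no rule for the log server, the firewall would go silent on the central log and look dead by the reply's own liveness test.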