Anyone running a firewall on SheevaPlug?

[kb100]

I just ordered a SheevaPlug and I'm planning to install Debian on it and use it as a firewall. Has anyone tried this route?

If so, can you please share your experience?

Thank you!

[sillis]

sudo apt-get install fail2ban

Only firewall you need. remember to configure the /etc/fail2ban/jail.conf file. My recommendation is to change default section to the following:

DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1
iqnoreip = 192.168.0.0/24  #change this to your LAN ip range....
bantime  = 36000
maxretry = 2

Also bear in mind that opening port 22 (ssh) lures all kinds of automated scripted attack to your sheevaplug. So be sure you have some firewall installed before you open said port.  Once i forgot to restart fail2ban, then after a week i looked at the logs. i got about 3200 attacks to my box that week.

Changing the port number to something else is a good way to dilute the amount of attacks.

[kb100]

Thank you!

Will the log have the full URL visited? If possible, can you give an example of the visited URL from any of the connected computers?

I have a DSL modem and a router. After reading some of the posts, I know that I also need a USB to Ethernet adapter. Can you provide some more details on how the connections go?

[sillis]

For more information about fail2ban and making a script which parses number of attacks from log files, go read this.   http://www.the-art-of-web.com/system/fail2ban/

The logs can be found in /var/log/  folder. each time someone makes a ssh connection, details about that connection gets appended to /var/log/auth.log.

As for the connections, no usb to ethernet of vice versa adapter is needed. Sheevaplug is connected to your router with standard ethernet cable. The usb port is used to connect a usb stick or external usb harddrive, which ever your prefer. You can also connect usb hub to sheevaplugs usb port and thus have more usb ports to use.

[kb100]

sillis,

This kind of log is not that useful for me:

2006-02-13 15:52:30,388 fail2ban.actions: WARNING [sendmail] Ban XXX.66.82.116 2006-02-13 15:59:29,295 fail2ban.actions: WARNING [sendmail] Ban XXX.27.118.100 2006-02-13 16:07:31,183 fail2ban.actions: WARNING [sendmail] Unban XXX.66.82.116

Does it have a logging mode where I can see the full URL visited from the connected PCs ? Something like
http://news.yahoo.com/s/ap/20101024/ap_on_re_us/cb_haiti_disease_outbreak

[haha0123]

Druids are 重庆团购 allowed to wear cloth 重庆二手交易 and leather. They can use all of the maces, daggers, fist weapons, and staves. Many druids 重庆二手电脑 prefer the staves 重庆二手手机 because they add bonuses to final fantasy leveling their caster attributes. The bonuses that come with other weapons are typically more final fantasy gold appropriate for other forms. If you are in animal form, you can’t use a proc ff14 gold weapon so you shouldn’t even ffxiv power leveling weaste your time and money getting ff14 power leveling these items.You should, however, be concerned with your armor. Bear and dire bear ffxiv power leveling form will multiply your armor bonus. You might not have the money to buy a really powerful enchantment, but an even a simple armor patch can be really effective

[Alucard]

Er,  I think you two are talking about two different things. fail2ban is meant mainly for stopping SSH bruteforce attacks. But I think kb100 wants to use the plug as a router & NAT device for his/her other computing devices.  At least, that's what I read from "use as a firewall" and "log all URLs".