i have a linux server runnig oracle applications.
i need to access this server from putty using ssh through internet.
i did by registering my static ip with the dnydns.org and i am able to connect to the server.
but now there is no security to authenticate any user as any one knowing the password can login to it.
i thought of configuring the firewall of linux server but the client ip`s are not static and they change continiously.
so thought of keeping one more pc between the server and the router which will do the work of authenticating. but i am confuse as how to configure it to allow the packets coming from the internet after authenticating and to by pass the packets generated from internal LAN?
i have heared abut freeradius package but i am not sure will it work in my case?
I think you're confusing some technologies here. RADIUS is an authentication mechanism for dial-up connections. For a firewall on Linux, take a look at iptables, and maybe use fwbuilder for the first steps.
And make sure you have physical access to the machine (or something similar), in case you lock yourself out.
i have a linux server runnig oracle applications.
i need to access this server from putty using ssh through internet.
i did by registering my static ip with the dnydns.org and i am able to connect to the server.
but now there is no security to authenticate any user as any one knowing the password can login to it.
i thought of configuring the firewall of linux server but the client ip`s are not static and they change continiously.
so thought of keeping one more pc between the server and the router which will do the work of authenticating. but i am confuse as how to configure it to allow the packets coming from the internet after authenticating and to by pass the packets generated from internal LAN?
i have heared abut freeradius package but i am not sure will it work in my case?
Another one would be Coyote Linux. And you're still confusing technologies. RADIUS (and by deduction, FreeRADIUS) have nothing to do with how a firewall works.
What you want is a firewall (only allow connections from certain IPs to certain ports) / gateway (communicate between different networks and allow a certain amount of connections between them).
You would need RADIUS if you'd have a modem/DSL pool, which your customers/employees use to connect to you and you'd want to authenticate them. While the two technologies are often used together, they're doing two different things.
actually my prime importance is to authenticate each and every connection made to my server outside my private lan i.e. from internet.
---------- Post updated 02-10-10 at 10:12 AM ---------- Previous update was 02-09-10 at 04:22 PM ----------
i am posting again my question in more detail again
i have a linux enterprise server running oracle apps and other services. i have opened a port in the router in such a way that i am able to access my server remotely from internet.
now i want a package or settings that would grant access to people who i want by giving them additional password and usernames as i cannot track their ip`s as they keep changing dynamically as they log in from datacards nor i can use mac based configuration of firewall.
so now i need a system that would be common for all the users using any software like putty or toad or any package to acess my server. it should use basically some authentication technique.
i thought of using private and public key but it will work only with putty and not with toad..
i have heared about freeradius but i am not able to use it as i am not getting any proper notes or documentation which i can follow...