Posts

Showing posts with the label NAT

Install IPFire Linux Firewall

Introduction

IPFire is an Open Source Linux-based firewall distribution that can be configured to provide additional security for your data center. It contains VirtIO kernel modules and offers excellent performance on the KVM hypervisor.

Requirements

The system requirements for IPFire are quite modest. It is recommended that IPFire be configured with at least: 1 Processor Core, 1GB RAM, 4GB HDD/Disk Storage, 2 Network Interfaces.

If you wish to retain a significant amount of activity logs or anticipate installing a number of add-on packages (via pakfire), please allocate additional disk storage space. It is recommended that a static/reserved IP address be assigned to the WAN/Public interface. Some additional information on the process of reserving an IP address can be found in our articles Adding Secondary Virtual IP Addresses and Static IP Assignment.

Preparation

IPFire is available for download at  htt...

Install Fail2ban on CentOS 7 to Protect SSH via firewalld

Introduction

If you are using password-based authentication for SSH access to a server attached to the public internet, then this will look all too familiar.

    tutorial@<redacted>'s password:
    Last failed login: Mon Mar 20 20:47:43 UTC 2017 from 116.31.116.37 on ssh:notty
    There were 96619 failed login attempts since the last successful login.
    Last login: Mon Mar 13 18:07:23 2017 from <redacted>

Did you notice the 96619 failed login attempts? The vast majority of those attempted connections are likely attempts to guess the credentials and gain access to your server! One way to minimize the chances of such brute-force attempts actually working is to utilize Fail2ban. Fail2ban can be configured to keep an eye on various system logs and respond to failed login attempts using local firewall rules. In this tutorial we will briefly show how to get Fail2ban installed and configured to protect ...

Deploy Outbound NAT Gateway on CentOS 7

Introduction

A common network infrastructure may consist of a private network on an isolated subnet. While there may be no need for incoming connections to access the private network from the outside, there are occasions when you may need servers within the private subnet to make connections to services outside of the subnet or to the public Internet. Examples include downloading a software package, sending backup data to an external location, or applying system updates to servers on the private subnet.

A Linux gateway server with two network interfaces, or NICs, can be used to bridge two networks together. One NIC will connect to an external, or public, network while the other NIC will connect to the private subnet. IP forwarding and a NAT rule are then used to route traffic from the private subnet out to the external network. The traffic from the internal servers will appear to be originating from the gateway IP address. Extern...