[H-GEN] Firewall configuration on a remote machine
gavin at microcomaustralia.com.au
Tue Feb 15 18:34:40 EST 2011
On 10 Feb 2011, at 08:55, Robert Brockway wrote:
> On Wed, 9 Feb 2011, gavin duley wrote:
>> I don't think there are any, but then I have no access to dom0 (aka the host machine). I guess this one of the downsides of using a commercial virtual host.
> Hi Gavin. Check with the provider. Every VPS provider that I've looked at closely allows console access of some description. For example, Linode allows access to a serial console via ssh to an IP not on my VPS. I needed to put in an RSA key pair for this to work. They also offer an AJAX console through their managememnt interface if you are really stuck.
Yes, there is console access.
My comment about not having access to the host machine was in response to this point in a message from David Seikel:
> Being virtual, it may have file system partitions that are accessible
> outside the virtual box. Depends on how that is set up. That can both
> be a life saver if you screw up your firewall, and one other way to
> attack your system.
I assume that I can't really tell whether any file system partitions are accessible from outside the virtual box or not without ssh access to the host machine. I doubt that this is the case, though.
>> I guess the answer would be to backup key files, and then just reinstall everything from scratch if it goes wrong. This is easy enough to do, even if I've lost access to the machine (there is a web interface to allow you to do this). It seems a bit overdramatic, though.
> If the VPS provider expects you to reinstall after an error like locking a firewall then you need a new VPS provider.
I probably would be able to fix it myself using the console access. If this wasn't possible for some reason, I'm not sure there would be much I could do other than reinstalling. Of course, there could be an alternative solution that I'm overlooking here.
Additionally, they do state:
> Panix's V-Colo Service is essentially an unmanaged service. It is yours to administer. If you want Panix's help in administering your machine, our usual consulting charges apply. We'll be happy to discuss this with you.
> Of course, if you think there's a problem with the service itself, please get in touch and we'll fix it.
Personally, I don't have a problem with this. I'm happy administering the server myself.
Honestly, if you're given the choice between Armageddon or tea, you don't say 'What kind of tea?'
-- Neil Gaiman
<gavin at microcomaustralia.com.au> <gpd at sdf-eu.org>
More information about the General