Securing from DMZ
Posted: Mon Apr 20, 2020 6:29 pm
Hi all, thanks firstly to the team for this software, it appears to be awesome!
Right, here's the background. I am trying out SoftEther on a Linux box set up via Linux Deploy on an old Android mobile phone. I have installed the system as Debian 10 and got SoftEther booting up with a sysv service.
My ISP's broadband router is poor, it seems to have issues with IPSec and is well documented online as having this issue with the hardware they issue, so no matter what settings or port forwarding I use, it will always fail unless I place the box in the DMZ. That includes if I try to punch through with Azure or any other service, it always fails due to my ISP's equipment.
I also have to enable SecureNAT on SoftEther for it to work even on DMZ.
Here's my issue. If I put the Linux box straight on DMZ I'm worried I'll get brute force attacked very quickly.
I have tried to install Fail2Ban but due to how the initialisation works on Linux Deploy this seems to have a problem, so after spending many hours I've given up on this idea.
What I want to do is two things really. First I want to somehow delay the attempts at allowed failed logins, so for instance if there's one failed login I want to delay or ban the next attempt. Any suggestions how I can do this any other way but not Fail2Ban?
The next thing I want to do is restrict any management or ability to log on as a server manager unless it is via a local terminal, not remote. Again, is it possible to do this?
I've sent lots of detail to my ISP but I doubt they will change their hardware for me!
Thanks all.