Hi all,
Just upgraded from Skybox F3 to Vu+ Uno (ViX 2.4 image) and very happy so far, got loads of stuff set up with the great help found on here. However, a couple of things are bugging me that I'd appreciate a few pointers on:
I'm not new to Linux, but not an expert either and my experience is with the desktop/server distros, and the Linux embedded in the ViX 2.4 image that I'm using is a little different to what I'm used to.
1) There is no su/sudo. I like to secure SSH for remote access. So far I've configured the dropbear init script to disable password logins and use public key auth only on a non-standard port. But I'd really like to disable root login too if possible, log in as a different user and use su/sudo to get the root privs I need.
2) There's no iptables firewall support. I use OpenVPN, but like to 'split' the tunnel so that I can choose the traffic that goes via VPN with the rest going via my ISP as usual. Currently I'm using ip routing table commands to do this. However, for one particular case the IP address is provided by dyndns so a simple ip route is not ideal. I'd like to filter by destination port, but the only way I know to achieve this is to use iptables to 'mark' the packets and then use an 'ip rule' to redirect those packets to the VPN tun interface.
I have installed iptables with ipkg, but it only sets up the default 'filter' table, and I'd need the 'nat' and 'mangle' tables to do port filtering.
Anyone have any advice on these? I'm new to E2 and ViX is the only image I've tried so far. Do any of the other images (VTI/PLI/BH) provide this support, or is there a way to do what I want in ViX?
TIA.
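The mark-and-rule approach described in point 2, written out as an added example that is not part of the original post; port 8080, mark 0x1, table 100 and tun0 are assumed values. It prints the commands instead of running them, and includes a preflight check that the kernel actually exposes the 'mangle' and 'nat' tables.

```shell
#!/bin/sh
# Added example (constructed): port-based split tunnelling with fwmark policy routing.
# Assumed values, not from the post: port 8080, mark 0x1, table 100, device tun0.

# has_table NAME [FILE]: succeed if iptables table NAME is registered in the kernel.
# FILE defaults to /proc/net/ip_tables_names; a table is listed there only once its
# module (iptable_mangle, iptable_nat) is loaded or built in.
has_table() {
    grep -qx "$1" "${2:-/proc/net/ip_tables_names}" 2>/dev/null
}

# preflight [FILE]: report the first table this setup needs that is missing.
preflight() {
    for t in mangle nat; do
        has_table "$t" "$1" || { echo "missing table: $t"; return 1; }
    done
}

# split_tunnel_rules PORT MARK TABLE DEV: print the commands, one per line (dry run).
split_tunnel_rules() {
    port=$1 mark=$2 table=$3 dev=$4
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    # 1. mangle/OUTPUT marks locally generated TCP packets to the chosen port.
    # 2. nat/POSTROUTING rewrites the source address, which was picked for the
    #    ISP route before the mark caused the packet to be re-routed.
    # 3. The rule sends marked packets to a separate routing table.
    # 4. That table's only route is a default route through the VPN device.
    # 5. Loose reverse-path filtering lets replies arriving on the VPN device in.
    cat <<EOF
iptables -t mangle -A OUTPUT -p tcp --dport $port -j MARK --set-mark $mark
iptables -t nat -A POSTROUTING -o $dev -j MASQUERADE
ip rule add fwmark $mark table $table
ip route add default dev $dev table $table
sysctl -w net.ipv4.conf.$dev.rp_filter=2
EOF
}

# Dry run with the assumed values; review the output before applying it as root.
split_tunnel_rules 8080 0x1 100 tun0
```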