On Sat, Feb 15, 2003 at 03:39:01PM -0500, Roberto Sanchez wrote:
> I am planning on getting DSL in the near future, so I have been considering
> what to do about a firewall.
>
> My intended setup is like this:
>
> www -> DSL modem -> cable/DSL router w/ hardware FW -> small LAN
>
> However, I would still like to have a firewall on each individual machine.
Ack. Why not just go with
Internet <-> DSL bridge[1] <-> i80486 running Debian, 2.4 kernel with
IP connection tracking enabled, with ipmasq package installed <->
small LAN.
This is, in the long run, a simpler, easier to maintain and reasonably
secure solution since you can easily, cheaply update Debian but not
hardware. "But my Linksys network appliance will let me flash its
BIOS!" Do you honestly trust something that hasn't had too many
eyeballs on it to be very secure? I don't expect these to do stateful
firewalling, which Linux will do. Stateful firewalling allows you to
use things like ICQ, IRC and online games through NAT without serious
problems.
I would make the boxen on the LAN reasonably secure without resorting
to firewalling; it'll only serve as a source of much irritation and
needless complication when you want to set something up for all the
machines to use....
[1] These are not modems. They are usually ethernet to DSL bridges.
--
.''`. Baloo <[EMAIL PROTECTED]>
: :' : proud Debian admin and user
`. `'`
`- Debian - when you have better things to do than to fix a system
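The stateful masquerading gateway Baloo describes (a Debian box with connection tracking sitting between the DSL bridge and the LAN), written out as an added example that is not part of this thread or of the ipmasq package; the interface names eth0/eth1 and the LAN range 192.168.1.0/24 are assumed values.

```shell
#!/bin/sh
# Stateful NAT firewall for "DSL bridge <-> Debian box <-> LAN" (added example,
# not from the thread or ipmasq). Assumes eth0 faces the DSL bridge (WAN) and
# eth1 faces the LAN 192.168.1.0/24 (constructed values). Needs a 2.4 kernel
# with ip_conntrack and iptables; for IRC DCC and active FTP through NAT also
# load ip_conntrack_irc/ip_nat_irc and ip_conntrack_ftp/ip_nat_ftp.
# gen_rules emits an iptables-restore ruleset so it can be reviewed first.
gen_rules() {
    wan="$1"; lan="$2"; lan_net="$3"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite LAN source addresses to whatever address the WAN side has.
-A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and anything the LAN sends to the gateway itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -s $lan_net -j ACCEPT
# Replies to flows the gateway opened; conntrack decides what is a reply.
-A INPUT -i $wan -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $wan -m state --state INVALID -j DROP
# LAN -> Internet may open new flows; Internet -> LAN only gets tracked replies.
-A FORWARD -i $lan -o $wan -s $lan_net -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Load the ruleset and turn on forwarding; only meaningful as root on the gateway.
apply_rules() {
    gen_rules "$@" | iptables-restore || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Usage: ./masq-fw.sh apply    (any other invocation just prints the ruleset)
if [ "${1:-}" = "apply" ]; then
    apply_rules eth0 eth1 192.168.1.0/24
else
    gen_rules eth0 eth1 192.168.1.0/24
fi
```

Review the printed ruleset before running it with `apply`; with the FORWARD policy at DROP, anything not explicitly tracked is discarded rather than forwarded.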
I know it is not really a modem :-) I picked up the habit from my mother. She formerly worked in the sales dept. at the local telco, and when people couldn't figure out what an ISDN (and later DSL) network adapter was they resorted to calling them ISDN (and later DSL) modems. I know it's wrong, sorry.
It's funny that you point out the closed BIOS issue to me. I am always telling everyone I meet about how much more secure open source code is for that very reason. I guess it just slipped my mind.
About using a machine as a firewall, the machine I have for this is a Pentium Pro 200 with 128 MB RAM. However, my concern is that it might be too slow since I run WindowMaker so that when the laptop is gone my wife can still pull up OpenOffice or Mozilla and work on whatever she needs. Also, I was trying to avoid having to mess with PPPoE setup (but I don't know how hard it is).
It has a PCI 3COM 3C905TX 10/100 NIC and I just acquired another identical card from the CompSci dept. at school from some old Pentium 100s that were getting tossed. But I am not sure how to set it up correctly to do what you are suggesting. Is there a good HOWTO floating around?
Another question, now that the firewall is set up: when I dial in to school from that machine I get hits on my firewall from the two DNS servers trying to communicate in on port 1080 (when that fails they go to 1081, 1082, and so on). Why is that and how do I fix it? Right now I have to shut off the firewall to dial out (kind of defeats the purpose).
-Roberto Sanchez