Mick <[EMAIL PROTECTED]> writes:

> On Friday 14 December 2007, [EMAIL PROTECTED] wrote:
>> Mick <[EMAIL PROTECTED]> writes:
>> >> Would I likely be opening my lan up for some Christmas shopping by
>> >> having a gentoo guest on a WinXP host running as a DMZ machine?
>> >> It would be pretty barebones with an IPTABLE setup for logging and
>> >> tagging or whatever I get interested in doing with the traffic.
>> >>
>> >> No X server or other frills.
>> >
>> > A rather simpler solution to do this would be to get hold of a hub, connect
>> > it to the firewall and watch everything that passes through it.
>>
>> I do have an older hub, but not sure what you mean here. The hub has
>> no network address and of course is not switched, so anything going
>> thru it can be filtered with tcpdump. But the router is switched.
>> Not sure how a hub would see the outfacing address. I'd be able to
>> see all the lan machines that were going thru it, but how about the
>> traffic that the firewall is rejecting? That's what I'm after.
>>
>> Can you elaborate a little?
>>
>> Maybe you mean something different by `hub'.
>
> I mean a hardware hub, not a switch and not a router. You need to place it
> in-line between your router/switch and your modem. Being on the WAN side of
> your NAT it will 'see' all the packets that go to/from the Internet
> (unfiltered). On the other side of the router you get the filtered traffic
> which, when compared/contrasted with the WAN side, will show you what the
> router and its firewall are doing. I hope this is a bit clearer, otherwise
> please email me if you think this is getting off topic.
I guess someone will squawk if they think it is not topical here, but I think
it should be ok since it's about a specific setup involving a gentoo box or
hardened VM gentoo guest.

Below is an ascii art diagram of my simple network. I think you are talking
about placing the hub as shown there. If I got that right then what I don't
understand is how you talk to the hub. I mean if you connect it to any machine
in the diagram or elsewhere wouldn't you be exposing that machine to the
unfiltered internet? It still seems you would need some kind of hardened
interface to that hub, but I'm probably not understanding how it would work.

        ISP                    ISP
         ^                      ^
         |                  DSL Modem
         |                      |
         |                  XXXXX <= hub
         |                      |
   -------------NetGearRouter/switch----------------------
     |          |          |          |
     |          |          |          |
     |          |          |          |
  ----------  ----------  ---------  ----------
    Gentoo      WinXP      WinXP      WinXP

-- 
[EMAIL PROTECTED] mailing list
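The comparison Mick describes (WAN-side capture on the hub versus LAN-side capture behind the router) can be done mechanically; the script below is an added example, not code from the thread, that parses two `tcpdump -n` text captures and reports inbound flows seen on the WAN side but never on the LAN side, i.e. what the router's firewall dropped. The captures are constructed samples, the router's public address and the LAN prefix are assumed, and only inbound TCP/UDP flows are compared because NAT rewrites the local address (the remote address, remote port and destination port survive the NAT and serve as the flow key).

```python
import ipaddress
import re

# Matches the address part of a `tcpdump -n` line: "IP a.b.c.d.sport > e.f.g.h.dport:"
LINE_RE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

# Constructed sample captures (not real traffic). WAN side is taken on the hub,
# where the router's public address is assumed to be 198.51.100.2.
WAN_SIDE = """\
12:00:01.000001 IP 203.0.113.7.44312 > 198.51.100.2.22: Flags [S], seq 1, win 64240, length 0
12:00:01.000002 IP 203.0.113.7.44313 > 198.51.100.2.80: Flags [S], seq 2, win 64240, length 0
12:00:01.000003 IP 203.0.113.9.51000 > 198.51.100.2.135: Flags [S], seq 3, win 8192, length 0
12:00:01.000004 IP 198.51.100.2.40000 > 203.0.113.50.443: Flags [S], seq 4, win 64240, length 0
"""
# LAN side is taken behind the router; the assumed LAN prefix is 192.168.0.0/16.
LAN_SIDE = """\
12:00:01.000050 IP 203.0.113.7.44313 > 192.168.0.10.80: Flags [S], seq 2, win 64240, length 0
12:00:01.000051 IP 192.168.0.12.40000 > 203.0.113.50.443: Flags [S], seq 4, win 64240, length 0
"""


def inbound_flows(capture, local_nets):
    """Return {(remote_ip, remote_port, dst_port)} for packets entering local_nets."""
    nets = [ipaddress.ip_network(n) for n in local_nets]

    def is_local(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)

    flows = set()
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # non-IP line or something tcpdump printed that we do not parse
        src, sport, dst, dport = m.groups()
        if not is_local(src) and is_local(dst):
            flows.add((src, int(sport), int(dport)))
    return flows


def dropped_inbound(wan_capture, wan_public, lan_capture, lan_nets):
    """Inbound flows the hub saw on the WAN side that never appeared on the LAN side."""
    wan = inbound_flows(wan_capture, [wan_public])
    lan = inbound_flows(lan_capture, lan_nets)
    return sorted(wan - lan)


if __name__ == "__main__":
    for src, sport, dport in dropped_inbound(WAN_SIDE, "198.51.100.2", LAN_SIDE, ["192.168.0.0/16"]):
        print(f"dropped by router: {src}:{sport} -> port {dport}")
```

The hub side of the capture host should be an interface with no IP address of its own, so the host listens on the unfiltered segment without being reachable on it.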