On Sun, 30 Jul 2000, Glen Lee Edwards wrote:

> On Sun, 30 Jul 2000, M. Neidorff wrote:
> 
> >If this is a question (I'm not sure you are asking or not), then what you 
> >say is correct.  It is exactly what I am doing here.  The one possible 
> >misunderstanding is that ipchains is not required to make the 
> >connection...it does security.
> 
> I could use some clarification on this:  I'm in the process of installing
> DSL, and am going to use a Linux box as a firewall, with 2 (maybe 3)
> Windows machines behind it on the LAN.  These are home PC's, nothing of a
> real sensitive nature on them, and the Windows boxes aren't set up for
> file or printer sharing, so no one can get in to see their files anyway.
> 
> Basically what you're saying is that I can just hook up the ethernet
> cards, do some modifications on the Linux firewall to include the gateway
> IP address, allow packet forwarding, assign each ethernet card an IP
> address; and basically we're off?
> 
> I was told that to use ipchains I have to compile ipchain support into the
> kernel - never recompiled the kernel, don't have a clue how to do this.
> 
> Glen
> 
> 
With a Red Hat kernel, it is already compiled in.  (As long as it is a
2.2.x kernel.  2.0.x use ifpwadm...)  Your setup is an easy one.

I have a DSL setup with a static IP that is also a WEB server, and
running sendmail with SPAM filtering, as well as masquarding up to 8
more machines inside the firewall.  (Actualy set up to support up to 20,
but I haven't tried that...)

I would sugest that you consider running the Bastille script on your
firewall machine to improve its security.  http://www.bastille-linux.org
Also, make sure you run something like logwatch, and keep a good eye on
your logs, because you will have people trying to break into your
machine.  I get someone doing a scan at least 3 times a week.  Sometimes
more.

Mikkel
-- 

    Do not meddle in the affairs of dragons,
 for you are crunchy and taste good with ketchup.


-- 
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.

Reply via email to