Re: selecting old machines for firewall/router use

2011-02-23 Thread Henrique de Moraes Holschuh
On Wed, 23 Feb 2011, Andrew McGlashan wrote: > An unpatched machine [for whatever reason], behind NAT has a > fighting chance, but one which is directly addressable from the The protection offered by NAT is equivalent to a stateful firewall that only allows sessions to be initiated by the inside[
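
Henrique's equivalence, written out as a ruleset. This is an added example, not code from the thread or from any of the posters. It assumes a two-NIC Debian router with the WAN on eth0, the LAN on eth1 and 192.168.1.0/24 as the LAN IPv4 subnet (none of which the thread specifies), and it uses nftables, which postdates the 2011 discussion, as the modern stand-in for the Netfilter rules people were writing then. The IPv4 side masquerades; the IPv6 side gets the identical stateful filter and no NAT at all, which is exactly the protection NAT was being credited with.

```shell
#!/bin/sh
# Added example (not from the thread): a Debian router ruleset that gives
# IPv6 hosts the same protection NAT gives IPv4 hosts, i.e. a stateful
# filter that only lets sessions be initiated from the inside.
# Assumed names (not stated in the thread): WAN on eth0, LAN on eth1,
# LAN IPv4 subnet 192.168.1.0/24, nftables installed.
WAN="${WAN:-eth0}"
LAN="${LAN:-eth1}"
LAN_NET4="${LAN_NET4:-192.168.1.0/24}"

# Print the ruleset. IPv4 gets masquerading plus the stateful filter;
# IPv6 gets only the stateful filter, which is the part that actually
# blocks unsolicited inbound connections. Note there is no ip6 nat table.
gen_ruleset() {
    cat <<EOF
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state invalid drop
        ct state established,related accept
        iif lo accept
        iifname "$LAN" accept
        # Unsolicited WAN traffic: only what v4/v6 themselves need to function
        iifname "$WAN" meta l4proto { icmp, ipv6-icmp } accept
        iifname "$WAN" udp dport { 68, 546 } accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state invalid drop
        ct state established,related accept
        # Sessions may only be initiated from the LAN side, for both families
        iifname "$LAN" oifname "$WAN" accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        ip saddr $LAN_NET4 oifname "$WAN" masquerade
    }
}
EOF
}

# Syntax-check, enable forwarding, then load. Needs root and nft.
apply_ruleset() {
    f=$(mktemp)
    gen_ruleset > "$f"
    nft -c -f "$f" || { rm -f "$f"; return 1; }
    sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1 >/dev/null
    # With forwarding on, the WAN side only keeps taking router advertisements at accept_ra=2
    sysctl -w "net.ipv6.conf.$WAN.accept_ra=2" >/dev/null
    nft -f "$f"
    rm -f "$f"
}

if [ "${1:-}" = "apply" ]; then apply_ruleset; fi
```

Run it with `apply` as the first argument to load the rules; without arguments it only defines the functions, so `gen_ruleset` can be inspected first. The input chain accepts everything from the LAN because the thread is about a home box; on anything else, replace that line with the services the router actually offers inside.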

Re: selecting old machines for firewall/router use

2011-02-23 Thread Steven Ayre
On 22 February 2011 00:45, Stan Hoeppner wrote: > shawn wilson put forth on 2/21/2011 6:05 PM: > > On Mon, Feb 21, 2011 at 6:45 PM, Stan Hoeppner >wrote: > > > >> Pascal Hambourg put forth on 2/21/2011 3:51 PM: > >>> Stan Hoeppner wrote: > > You only need one > NIC in your fire

Re: selecting old machines for firewall/router use

2011-02-23 Thread Andrew McGlashan
Andrew McGlashan wrote: And from the further reading referenced in the other response [1] I see a problem with the following: At the same time, this tracking is per address. In environments where the goal is tracking back to the user, additional external information will be neces

Re: selecting old machines for firewall/router use

2011-02-23 Thread Andrew McGlashan
Hi, Pascal Hambourg wrote: Andrew McGlashan wrote: Well NAT does have its advantages, one being that it can act as a reasonably good barrier as a NATural firewall. This is a common misconception. I cannot tell about other NATs, but Netfilter NAT is not a barrier at all. It's a goo

Re: selecting old machines for firewall/router use

2011-02-23 Thread Pascal Hambourg
Andrew McGlashan wrote: > > Well NAT does have its advantages, one being that it can act as a > reasonably good barrier as a NATural firewall. This is a common misconception. I cannot tell about other NATs, but Netfilter NAT is not a barrier at all. > but if you have every device with

Re: selecting old machines for firewall/router use

2011-02-23 Thread Sven Hoexter
On Wed, Feb 23, 2011 at 11:42:37PM +1100, Andrew McGlashan wrote: > Well NAT does have its advantages, one being that it can act > as a reasonably good barrier as a NATural firewall. Sure, it's not > perfect, but if you have every device with IPv6 (or v4 for that > matter) being addressable

Re: selecting old machines for firewall/router use

2011-02-23 Thread Andrew McGlashan
Hi, Paul Fraser wrote: On Tue, Feb 22, 2011 at 10:41, Nate Bargmann > wrote: Not only that but as we move to IPv6 there is no such thing as NAT. Oh, how I wish that were true... The IPv6 spec includes NAT. Well NAT does have its advantages, one being that it c

Re: selecting old machines for firewall/router use

2011-02-22 Thread Henrique de Moraes Holschuh
On Tue, 22 Feb 2011, shawn wilson wrote: > On Feb 22, 2011 6:10 PM, "Henrique de Moraes Holschuh" > wrote: > > On Wed, 23 Feb 2011, Paul Fraser wrote: > > > Oh, how I wish that were true... The IPv6 spec includes NAT. > > > > Which RFC? > > > Lmgtfy - 4684 and 5902 - don't know off hand, you'll ha

Re: selecting old machines for firewall/router use

2011-02-22 Thread shawn wilson
On Feb 22, 2011 6:10 PM, "Henrique de Moraes Holschuh" wrote: > > On Wed, 23 Feb 2011, Paul Fraser wrote: > > On Tue, Feb 22, 2011 at 10:41, Nate Bargmann wrote: > > > Not only that but as we move to IPv6 there is no such thing as NAT. > > > > Oh, how I wish that were true... The IPv6 spec includ

Re: selecting old machines for firewall/router use

2011-02-22 Thread Henrique de Moraes Holschuh
On Wed, 23 Feb 2011, Paul Fraser wrote: > On Tue, Feb 22, 2011 at 10:41, Nate Bargmann wrote: > > Not only that but as we move to IPv6 there is no such thing as NAT. > > Oh, how I wish that were true... The IPv6 spec includes NAT. Which RFC? -- "One disk to rule them all, One disk to find th

Re: selecting old machines for firewall/router use

2011-02-22 Thread Paul Fraser
On Tue, Feb 22, 2011 at 10:41, Nate Bargmann wrote: > Not only that but as we move to IPv6 there is no such thing as NAT. > Oh, how I wish that were true... The IPv6 spec includes NAT. P.

Re: selecting old machines for firewall/router use

2011-02-21 Thread Stan Hoeppner
John Hasler put forth on 2/21/2011 7:34 PM: > I wrote: >> Or from the inside. If none of the machines on the LAN are running >> Windows you're probably ok. > > Stan writes: >> How is this a security issue? Broadcast packets coming from the >> customer that hit the DSLAM are instantly dropped. >

Re: selecting old machines for firewall/router use

2011-02-21 Thread John Hasler
I wrote: > Or from the inside. If none of the machines on the LAN are running > Windows you're probably ok. Stan writes: > How is this a security issue? Broadcast packets coming from the > customer that hit the DSLAM are instantly dropped. Nothing to do with the DSLAM. These routers usually ex

Re: selecting old machines for firewall/router use

2011-02-21 Thread Stan Hoeppner
John Hasler put forth on 2/21/2011 6:24 PM: > Stan writes: >> For this to be a real security issue, any attack must start below the >> IP level... > > Or from the inside. If none of the machines on the LAN are running > Windows you're probably ok. How is this a security issue? Broadcast packets

Re: selecting old machines for firewall/router use

2011-02-21 Thread Stan Hoeppner
shawn wilson put forth on 2/21/2011 6:05 PM: > On Mon, Feb 21, 2011 at 6:45 PM, Stan Hoeppner wrote: > >> Pascal Hambourg put forth on 2/21/2011 3:51 PM: >>> Stan Hoeppner wrote: You only need one NIC in your firewall box when using a switch. You simply plug everything into

Re: selecting old machines for firewall/router use

2011-02-21 Thread John Hasler
Stan writes: > For this to be a real security issue, any attack must start below the > IP level... Or from the inside. If none of the machines on the LAN are running Windows you're probably ok. -- John Hasler -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of

Re: selecting old machines for firewall/router use

2011-02-21 Thread Nate Bargmann
* On 2011 21 Feb 18:14 -0600, shawn wilson wrote: > supposedly, there is also a way to 'pivot' past a nat device - i haven't > looked into this, so i can't speak to this much... Not only that but as we move to IPv6 there is no such thing as NAT. New network device installations should be taking I

Re: selecting old machines for firewall/router use

2011-02-21 Thread shawn wilson
On Mon, Feb 21, 2011 at 6:45 PM, Stan Hoeppner wrote: > Pascal Hambourg put forth on 2/21/2011 3:51 PM: > > Stan Hoeppner wrote: > >> > >> You only need one > >> NIC in your firewall box when using a switch. You simply plug > >> everything into the switch including the DSL modem and the Netgea

Re: selecting old machines for firewall/router use

2011-02-21 Thread Stan Hoeppner
Pascal Hambourg put forth on 2/21/2011 3:51 PM: > Stan Hoeppner wrote: >> >> You only need one >> NIC in your firewall box when using a switch. You simply plug >> everything into the switch including the DSL modem and the Netgear. >> Bind both the public and private IP addresses to the same NIC

Re: selecting old machines for firewall/router use

2011-02-21 Thread Pascal Hambourg
Andrei Popescu wrote: > > Ok, but IMVHO it would be a good idea to make sure the DHCP server does > not allocate the router's IP to some other host. Of course, like any other statically assigned address. Again, nothing special here.

Re: selecting old machines for firewall/router use

2011-02-21 Thread Andrei Popescu
On Mon, 21 Feb 11, 22:48:21, Pascal Hambourg wrote: > > > Easiest way for me was > > to just use different sub-nets. Example: leave the router on 192.168.1.1 > > and build my own network on 192.158.0.XXX > > This is unnecessary, and makes it hard to manage the device. Ok, but IMVHO it would be

Re: selecting old machines for firewall/router use

2011-02-21 Thread Pascal Hambourg
Adrian Levi wrote: > > I'd also suggest a static ip configuration with a setup like this, as > you'll only have one computer at the end of each ethernet segment you > won't gain anything from DHCP, you'd need a subnet declaration for > each nic and a pool statement. Ethernet cards can be brid

Re: selecting old machines for firewall/router use

2011-02-21 Thread Pascal Hambourg
Stan Hoeppner wrote: > > You only need one > NIC in your firewall box when using a switch. You simply plug > everything into the switch including the DSL modem and the Netgear. > Bind both the public and private IP addresses to the same NIC in the > firewall using a virtual NIC: i.e. eth0 and

Re: selecting old machines for firewall/router use

2011-02-21 Thread Pascal Hambourg
Andrei Popescu wrote: > > Just don't forget to make sure the router's internal IP address is > different from any other machine on the network. Just like any other device. Nothing special here. > Easiest way for me was > to just use different sub-nets. Example: leave the router on 192.168.1

Re: selecting old machines for firewall/router use

2011-02-21 Thread Andrei Popescu
On Mon, 21 Feb 11, 07:17:18, Nate Bargmann wrote: > * On 2011 20 Feb 22:06 -0600, Stan Hoeppner wrote: > > Some consumer wireless routers don't like to do DHCP pass through, and > > won't serve DHCP when configured as a bridge, in which case the Linux > > firewall will have to serve DHCP. If the wi

Re: selecting old machines for firewall/router use

2011-02-21 Thread shawn wilson
On Sun, Feb 20, 2011 at 9:26 PM, Greg Madden wrote: > > > On Sunday 20 February 2011 03:03:35 pm Nate Bargmann wrote: > > * On 2011 20 Feb 14:22 -0600, Elmer E. Dow wrote: > > > Greetings: > > > > > > I'd like to set up a network with a firewall for my home computers > > > for security, control a

Re: selecting old machines for firewall/router use

2011-02-21 Thread Nate Bargmann
* On 2011 20 Feb 22:06 -0600, Stan Hoeppner wrote: > Some consumer wireless routers don't like to do DHCP pass through, and > won't serve DHCP when configured as a bridge, in which case the Linux > firewall will have to serve DHCP. If the wireless router won't pass > DHCP from the wired to wireles
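
Three points from the thread put together in one script: Pascal's remark that the firewall's Ethernet cards can be bridged so one subnet and one DHCP pool cover every port, Stan's and Nate's case where the Linux box has to serve DHCP itself because the wireless router won't pass it, and Andrei's and Pascal's reminder that the router's own static address must never be handed out by that DHCP server. This is an added example, not code from the thread or its posters. Every name and address in it is assumed: LAN NICs eth1, eth2 and eth3 bridged as br0 at 192.168.1.1/24, a pool of 192.168.1.100 to 192.168.1.200, ISC dhcpd from the isc-dhcp-server package, bridge-utils installed, and an /etc/network/interfaces that sources /etc/network/interfaces.d/.

```shell
#!/bin/sh
# Added example, not code from the thread or its posters: bridge the
# firewall's LAN NICs into one segment so a single subnet and a single DHCP
# pool cover every host, have the Debian box serve DHCP itself, and keep
# its own static address out of the pool.
# Assumed names and addresses (none are stated in the thread): LAN NICs
# eth1 eth2 eth3 bridged as br0 at 192.168.1.1/24, pool
# 192.168.1.100-192.168.1.200, ISC dhcpd (isc-dhcp-server) and bridge-utils
# installed, /etc/network/interfaces sourcing /etc/network/interfaces.d/.
ROUTER_IP="${ROUTER_IP:-192.168.1.1}"
LAN_NET="${LAN_NET:-192.168.1.0}"
LAN_MASK="${LAN_MASK:-255.255.255.0}"
POOL_START="${POOL_START:-192.168.1.100}"
POOL_END="${POOL_END:-192.168.1.200}"
LAN_NICS="${LAN_NICS:-eth1 eth2 eth3}"

# Dotted quad to integer, so pool bounds can be compared as numbers.
ip2int() {
    echo "$1" | {
        IFS=. read -r a b c d
        echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
    }
}

# The check Andrei asked for: the router's own address must not be leasable.
# Returns 0 when ROUTER_IP lies outside [POOL_START, POOL_END].
router_outside_pool() {
    r=$(ip2int "$ROUTER_IP"); s=$(ip2int "$POOL_START"); e=$(ip2int "$POOL_END")
    [ "$r" -lt "$s" ] || [ "$r" -gt "$e" ]
}

# interfaces(5) stanza: the physical ports carry no address, only br0 does,
# so every port is on the same L2 segment and the same subnet.
gen_interfaces() {
    cat <<EOF
auto br0
iface br0 inet static
    address $ROUTER_IP
    netmask $LAN_MASK
    bridge_ports $LAN_NICS
    bridge_stp off
    bridge_fd 0
EOF
}

# dhcpd.conf: one subnet declaration for the whole bridge; the range
# excludes the gateway, so it cannot be handed to a client.
gen_dhcpd() {
    cat <<EOF
subnet $LAN_NET netmask $LAN_MASK {
    range $POOL_START $POOL_END;
    option routers $ROUTER_IP;
    option domain-name-servers $ROUTER_IP;
    default-lease-time 600;
    max-lease-time 7200;
}
EOF
}

# Write both files under $1 (default /etc). Refuses if the pool would
# contain the router's address. dhcpd must also be told to listen on br0
# in /etc/default/isc-dhcp-server, which this script does not touch.
install_configs() {
    dest="${1:-/etc}"
    if ! router_outside_pool; then
        echo "refusing: $ROUTER_IP is inside the DHCP pool $POOL_START-$POOL_END" >&2
        return 1
    fi
    gen_interfaces > "$dest/network/interfaces.d/br0" &&
    gen_dhcpd > "$dest/dhcp/dhcpd.conf"
}

if [ "${1:-}" = "install" ]; then install_configs; fi
```

Run it with `install` as the first argument (as root) to write the files, then `ifup br0` and restart isc-dhcp-server; without arguments it only defines the functions, so the generated stanzas can be reviewed with `gen_interfaces` and `gen_dhcpd` first. The pool check is the only guard against the collision Andrei described; a host with a hand-configured address inside the range is still the admin's problem, which is why the static addresses live outside it.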

Re: selecting old machines for firewall/router use

2011-02-20 Thread Stan Hoeppner
John Hasler put forth on 2/20/2011 3:08 PM: > Elmer writes: >> 300 Mhz processor boot manager on 3.5-inch diskette so it can boot >> from diskette, CD or hard drive > > That'll work fine as long as it has enough RAM to install Debian. Not to mention disk space. Even though the OP asked on this l

Re: selecting old machines for firewall/router use

2011-02-20 Thread Stan Hoeppner
Elmer E. Dow put forth on 2/20/2011 2:02 PM: > Greetings: > > I'd like to set up a network with a firewall for my home computers for > security, control and convenience (file sharing), as well as to learn > about networking. We have the Internet entering via a Motorola DSL modem > and it currently

Re: selecting old machines for firewall/router use

2011-02-20 Thread Greg Madden
On Sunday 20 February 2011 03:03:35 pm Nate Bargmann wrote: > * On 2011 20 Feb 14:22 -0600, Elmer E. Dow wrote: > > Greetings: > > > > I'd like to set up a network with a firewall for my home computers > > for security, control and convenience (file sharing), as well as to > > learn about network

Re: selecting old machines for firewall/router use

2011-02-20 Thread Nate Bargmann
* On 2011 20 Feb 14:22 -0600, Elmer E. Dow wrote: > Greetings: > > I'd like to set up a network with a firewall for my home computers > for security, control and convenience (file sharing), as well as to > learn about networking. We have the Internet entering via a Motorola > DSL modem and it curr

Re: selecting old machines for firewall/router use

2011-02-20 Thread John Hasler
Elmer writes: > 300 Mhz processor boot manager on 3.5-inch diskette so it can boot > from diskette, CD or hard drive That'll work fine as long as it has enough RAM to install Debian. -- John Hasler

Re: selecting old machines for firewall/router use

2011-02-20 Thread Adrian Levi
On 21 February 2011 06:02, Elmer E. Dow wrote: > Greetings: > 300 Mhz processor > boot manager on 3.5-inch diskette so it can boot from diskette, CD or hard > drive > ethernet jack on motherboard > 5 pci slots > 4 isa slots > (I have a pci nic and 2 isa nics on hand, plus there's that built-in