Jeff Abrahamson on Sat, 2 Jun 2001 14:40:05 -0400
I'm trying to understand a subtlety about ipchains and routing across two ethernet interfaces.

At home (in Philadelphia), I have a cheap old machine with two ethernet cards that acts as firewall and routes from DSL to my LAN. Then I do my real work and have my data on a different box on the LAN. This makes it relatively easy to understand the firewall.

As you may know if you read a recent missive from me, I'm temporarily living in Europe (Paris, for work). And the machine I was going to use for the firewall is toast, or, at least, the power supply, but it's an old Mac, and it's not worth the effort to get working and buy parts for, imho, just to bring up PPC linux on an old machine.

So I'm trying to figure out how much more vulnerable I am if I put two ethernet cards on my real machine with real data. I think that if I then use some simple ipchains (a la what Darxus posted, for the sake of concrete example) that basically says I'm only listening to ssh on the outside port, that I have some reasonable expectation of privacy on that machine, even if I bring up, say, apache, for internal use. Or X, or gnome, or anything else that listens to a socket for local use.

Does this sound correct? Or am I missing something and I should really go out and find an old machine somewhere?

--
Jeff

Jeff Abrahamson <http://www.purple.com/jeff/>

______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug