LeRoy Cressy on Tue, 26 Feb 2002 05:30:11 +0100
If your friend would put a second ethernet card in the Linux box then
the Linux box can act as the firewall using either iptables or ipchains
depending upon the kernel that is in the Linux box. The configuration
would be:

    DSL Router --> eth0 Linux eth1 --> HUB <-- Windows Clients

If you connect the HUB to the DSL Router then you do not have a
firewall. But the Linux box can be connected directly to the DSL Router
with setting it up as a firewall.

Personally I am in favor of a separate firewall with 3 NICs, but I
realize that for cost some want the firewall to handle httpd and
whatever services that you want to serve up to the outside world.

Your friend running a Windows box on a DSL without a firewall is in
extreme danger. All you need is an open port to write to and you're in
to do whatever you want.

Jon Galt wrote:
>
> Hi all, I'm discussing the need for a firewall with a friend of mine who
> has DSL and connects a Win2K box and a Linux box to it via a hub. He
> agrees with me that a firewall is good for segregating the LAN traffic
> from the outside world. (For example, having ftpd running on my Linux
> box, but not allowing anybody outside the firewall to make ftp connections
> in.)
>
> But here's a scenario he has suggested:
> "But still I suppose that if you had a dedicated server, say
> for HTTP, then your machine has no business listening to
> anything except HTTP coming in on port 80. If you set it up
> so that it responds only to HTTP on port 80, then a firewall
> between it and the Internet could not add anything but delay.
> Assuming, that is, that I know what I'm talking about."
>
> Any comments on this?
>
> Also, I'm curious about his ip configuration.
>
> "Windows 2000 IP Configuration
>
> Ethernet adapter Local Area Connection:
>
>         Connection-specific DNS Suffix  . :
>         IP Address. . . . . . . . . . . . : 192.168.0.1
>         Subnet Mask . . . . . . . . . . . : 255.255.255.0
>         Default Gateway . . . . . . . . . :
>
> PPP adapter WinPoET Connection:
>
>         Connection-specific DNS Suffix  . :
>         IP Address. . . . . . . . . . . . : 63.173.123.25
>         Subnet Mask . . . . . . . . . . . : 255.255.255.255
>         Default Gateway . . . . . . . . . : 63.173.123.25"
>
> Is that two separate interfaces, or is the PPP over Ethernet (WinPoET)
> adapter using the local ethernet that is listed?
>
> He didn't send the ifconfig info on his Linux box.
>
> Just trying to learn more about network/security issues.
>
> Thanks,
> Wayne
>
> ______________________________________________________________________
> Philadelphia Linux Users Group       -      http://www.phillylinux.org
> Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
> General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug

--
Rev. LeRoy D. Cressy   mailto:lcressy@telocity.com   /\_/\
                       http://www.netaxs.com/~ldc   ( o.o )
                       Phone: 215-535-4037           > ^ <

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
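
Added example, not part of the original message or the list archive: a shell function that prints an iptables-restore ruleset for the two-NIC layout described above, with the firewall box itself serving HTTP. The interface names come from the message and the LAN range from the quoted ipconfig output; the function name `gen_rules`, the use of NAT, and the rule set itself are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for
#   DSL Router --> eth0 Linux eth1 --> HUB <-- Windows Clients
# Assumptions (not from the original post): the name gen_rules, NAT for the
# LAN, and the exact rules. Nothing here changes the running firewall; the
# output is text to review first.
#   gen_rules eth0 eth1 | iptables-restore     (as root, after review)

gen_rules() {
    wan=${1:-eth0}                  # interface facing the DSL router
    lan=${2:-eth1}                  # interface facing the hub
    lan_net=${3:-192.168.0.0/24}    # client range behind the hub
    http_port=${4:-80}              # httpd served by the firewall box

    # Reject values that could smuggle extra rule text into the output.
    case $wan$lan in *[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;; esac
    case $lan_net in *[!0-9./]*) echo "bad LAN network" >&2; return 1 ;; esac
    case $http_port in *[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ "$wan" != "$lan" ] || { echo "wan and lan must differ" >&2; return 1; }

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $lan_net -j ACCEPT
-A INPUT -i $wan -p tcp --dport $http_port --syn -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
```

Forwarding must also be enabled in `/proc/sys/net/ipv4/ip_forward` for the clients to reach the outside. If the Linux box terminates PPPoE itself, pass `ppp0` as the first argument instead of `eth0`.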