Re: [PLUG] cable modem and MAC

Paul on Fri, 19 Sep 2003 11:44:18 -0400

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] cable modem and MAC

From: Paul <emailme@dpagin.net>

To: plug@lists.phillylinux.org

Subject: Re: [PLUG] cable modem and MAC

Date: Fri, 19 Sep 2003 11:43:06 -0400

Reply-to: plug@lists.phillylinux.org

Sender: plug-admin@lists.phillylinux.org

User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624

So far the wired part of the network has been easy to secure, although I'm not sure exactly how secure it is right now. (modem-->firewall -->IP_masq-->trusted_net) All I did was use RedHat's overly simple utility to configure the firewall to block traffic coming from the Internet and to trust the LAN. Then, I added port forwarding with IP masquerading to allow the LAN to reach the Internet.

I'm anticipating that securing the wireless segment, the way I want it to work, will not be as simple. Right now there is hole the size of Lincoln Tunnel in my network. (laptop-->adhoc_wireless-->IP_masq-->modem) I want the laptop to be able to access the LAN and the Internet through an encryted tunnel. Nothing but the tunneled connection should be allowed. I'm thinking VPN.

So, the questions become... How can I establish an encypted tunnel between a Windows laptop and a GNU/Linux PC? How can I make sure the laptop will not be compromised, allowing an attack to use that encryted tunnel for its own purposes? Should I not use adhoc mode?

LeRoy Cressy wrote:

Also, if you have public access like a mail server or web server running, you should have a minimum of 3 ethernet cards in your firewall. Internet eth0 DMZ eth1 Lan eth2

For the paranoid it should be virtually impossible to get from the DMZ network or the Internet to the Lan, but allow the Lan access to both the Internet and the DMZ. This makes it a little hard, but and impossible for remote administration / access.

Art Clemons wrote:

Since you are going to go this route, could you over the course of a few weeks detail what you're doing for a router. For example are you going to try something like Coyote Linux or are you just going to run a script on an already working box? I personally am intrigued by the concept of a one floppy setup system and have played with them but the NAT routers are fun. Of course tcpdumping the IP address was fun, and let me know that at least someone in my cable subnet was scanning ports.

_________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce General Discussion -- http://lists.netisland.net/mailman/listinfo/plug

Follow-Ups:

[PLUG] Re: cable modem and MAC
From: Tom Diehl <tdiehl@rogueind.com>

References:

RE: [PLUG] cable modem and MAC
From: "Chris" <chris@jynx.net>

Re: [PLUG] cable modem and MAC
From: Paul <emailme@dpagin.net>

Re: [PLUG] cable modem and MAC
From: Art Clemons <artclemons@aol.com>

Re: [PLUG] cable modem and MAC
From: LeRoy Cressy <ldc@lrcressy.com>

Prev by Date: Re: [PLUG] cable modem and MAC

Next by Date: Re: [PLUG] If you've been lazy about that OpenSSH update...

Previous by thread: Re: [PLUG] cable modem and MAC

Next by thread: [PLUG] Re: cable modem and MAC

Index(es):

Date

Thread