[NTLUG:Discuss] Re: firewall/router to protect M$ box
Terry
trryhend at gmail.com
Fri Jul 15 16:05:11 CDT 2005
On 7/15/05, Johnny Cybermyth <djcybermyth at sbcglobal.net> wrote:
> That is a question for the experts (others on the list). I would
> imagine that you could use your main linux box to serve up Internet
> access with great firewalling with virtually no performance hit to your
> main box. GNU/Linux runs a firewall all of the time anyway on most
> everyone's machine so it would be a matter of how resource hungry
> masquerading is.
>
> Anyone else?
A firewall is only a truly secure and effective firewall if it's a
stand-alone device. In other words, you need to dedicate a machine
to be the firewall, put 2 NICs in it and load only the necessary apps and
a customized rc.firewall script. Or install smoothwall or ipcop. I
use ipcop. See smoothwall.org or ipcop.org.
If it's a 200MHz or so with 64 or 128M RAM, it'll be fine for a
firewall for a small LAN.
> tr_data1 wrote:
> >>From: Johnny Cybermyth <djcybermyth at sbcglobal.net>
> >>Subject: Re: [NTLUG:Discuss] Re: Discuss Digest, Vol 31, Issue 19
> >>
> >>I have a DSL account with SBC Yahoo!. I set my home network up
> >>using an older p2 box running a stripped down version of suse (v6.2
> >>I think) as a firewall/router.
> >>
> >>[chg to h/w firewall/router resulted in insufficient protection to M$]
> >
> >
> > That's my belief as to what would happen. I was kind of hoping that the
> > h/w ones were more robust by now. Some even talk about SPI and
> > DoS protection. I'd rather not have a monthly/yearly expense of virus
> > protection s/w on the M$ box either if going through a firewall catches
> > most things.
> >
> > If your main box was/is Linux, would you still have a separate machine
> > for the firewall/router? I have a k6/233 not being used right now but
> > it doesn't seem worth the elec$/heat/space expense vs running on my
> > main box. What are the advantages? I can't imagine such a task would
> > consume much ram/cpu/disk. Right? Or is it a matter of having all
> > the ports, etc more tightly controlled on the firewall/router box?
> > =TR=
> >
> >
> > _______________________________________________
> > https://ntlug.org/mailman/listinfo/discuss
> >
--
<><
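
Added example, not part of the original thread or of ipcop/smoothwall: a sketch of the kind of rc.firewall script a dedicated two-NIC box like the one described above could load, written as a ruleset generator for iptables-restore. The interface names, the LAN subnet and the choice to allow SSH management from the LAN are assumptions.

```shell
#!/bin/sh
# Added example: rc.firewall sketch for a dedicated two-NIC firewall/router.
# All values below are assumptions; adjust them to the actual box.
WAN_IF="${WAN_IF:-eth0}"               # assumed: NIC facing the DSL modem
LAN_IF="${LAN_IF:-eth1}"               # assumed: NIC facing the home LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed: LAN subnet

# Print the ruleset in iptables-restore format so it can be reviewed
# (or diffed against a previous version) before it is loaded.
gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Masquerade LAN traffic leaving through the WAN interface.
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
# Default deny: nothing reaches the firewall or crosses it unless allowed.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Management from the LAN side only (assumed: SSH is the one service kept).
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p icmp --icmp-type echo-request -j ACCEPT
# Replies to connections the LAN started may come back in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections are forwarded only from LAN to WAN, never the reverse.
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

case "${1:-}" in
    print) gen_rules ;;
    # Load the rules first, then turn on routing (requires root).
    apply) gen_rules | iptables-restore && sysctl -w net.ipv4.ip_forward=1 ;;
esac
```

Run it with `print` to inspect the ruleset and with `apply` as root to load it.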