[Sheflug] Firewalls, routers, gateways (was kernel on other machine)
"Stephen J. Turnbull" wrote:
>
> >>>>> "Barrie" == Barrie Bremner <TheEnglishman [at] ecosse.net> writes:
>
> Barrie> Still...if not this, what should I do with noodles?
>
> A firewall is a reasonable thing to do with it (him? her?) Among
> other things, noodles ... how to put this delicately? ... would be a
> much smaller loss if your firewall did get compromised. And if you're
> not running any servers that can do an arbitrary exec (that includes
> ftpd and httpd, as well as rshd and telnetd) except sshd on it,
> getting useful access to inside would be very difficult. While at the
> moment, once you get to flux you ARE inside. More safety at not much
> cost.
>
> Or you could just call it a souped-up "router" or "gateway". There
> are all kinds of possibilities.
I think perhaps I've been using the wrong terms, I'm not entirely sure.
I assumed that a firewall is a system to keep the great unclean from
getting at my network?
A router obviously is a system to route traffic, including ip masq'ing,
and this also covers gateways.
I dunno. I get easily confused :) I usually know what I want, not what to
call the thing.
I know I want:
noodles as my default gateway.
it to run ip_masq.
to laugh at people probing/attempting to attack it.
to run little else apart from sshd, iplog, portsentry and UPS
monitoring (as a slave) on it.
the UPS monitoring I could leave out, just let it crash if the power
runs dry...but that seems a little extreme.
I might want:
to have noodles as the modem server
to run mserver (the MasqDialer server), so I can bring the modem up and
down, rather than ssh'ing in each time.
I'm aware that noodles would be a much better victim (in my eyes) to be
the exposed machine, rather than flux (and the hideous excuse for a
machine my folks have...Win98 - Ick!).
OK, I think I'm decided on this approach - which was pretty much what I
had in mind to start with.
Only things to think about:
Stupid question - Can I keep the modem attached to flux, whilst having
noodles as the gateway/router/whatever?
I'm a bit confused about the modem. Where, how, why.
I expect that the gateway should have two interfaces - eth0 and ppp0 -
correct me if I'm wrong.
What do I need to install onto noodles to achieve my goals - noodles
has 800Mb of space split approx 300/500 over two drives.
Could I get all this onto the 300Mb drive? I should hope so.
Once I do get all this setup, should I just drop the ipchains rules on
flux? (My guess: Yes)
Any suggestions, etc please shout...I plan on getting this install
right the first time (for once).
>
> (1) Run IPv6 behind the gateway. Could make you _very_ salable in the
> net admin market in a year or two. I doubt there are competent IPv6
> hackers with time on their hands to answer FAQs on Sheflug, tho.
> Could be wrong....
>
Not got the time. Start a new job next week.
All the time I have got spare, I'm supposed to be writing Tcl scripts
and learning SQL, but here I am spending more time ShefLUG'ing!! :-) Not
that I mind.
I'll stick with IP_v4 for the moment. Too much to think about without
messing up/with IP_v6!
> (5) A really tiny Beowulf cluster.
Ha!!! ROFLMAO! Funny as it would be to say, I run a Beowulf cluster,
the whole idea makes my head hurt, and adding a 12Mb P75 to a dual PII
400 with total memory of about 1.2 Gb won't make great performance
increases! :)
> (6) (shameful) X terminal.
Not got a monitor for it, and even if I did, no place to put it. And it
is dire running X.
> Endless possibilities!
I love Linux.
Baz.
--
Barrie J. Bremner
Email: TheEnglishman [at] ecosse.net
(PGP public key available at pgp.mit.edu)
URL: http://www.geocities.com/thefatenglishman
Telephone: UK 01672 811246
Mobile: UK 07968 792975
Quis custodiet ipsos custodes?
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.