Re: [Sheflug] Firewalls
I've got a similar setup over here. I've got an old box (486 66MHz) sitting
between our local network and the modem, so that all internet requests have
to go through this computer to get to the internet. I've then got an
IPChains firewall on it, so that anyone on the local network can do what
they want on the server, but anyone coming over the modem link can't even
see that the server is there.
Following on from that, I've got Portsentry sitting there, so that if they
try to portscan me, or connect to the ports that it's watching, then a new
entry is added to my routing tables to drop the connection from me to them,
so that they can't do anything to me.
I know that it's not perfect, but it's a good start, and as I'm only on a
dialup link I don't really need perfection.
--
Graham
An' Ye harm none,
do as Ye will.
----- Original Message -----
From: David Morris <nospam [at] allvac.co.uk>
To: Sheflug (E-mail) <sheflug [at] vuw.ac.nz>
Sent: Monday, August 06, 2001 2:14 PM
Subject: [Sheflug] Firewalls
> I'm looking for an opinion or three before I get started...
>
> My boss (nice man) has just agreed to have the company pay for ADSL to my
> home so I can continue working on company systems whilst the missus is
> browsing the web (!). As I'll be getting a no-nat solution (so I can
> reliably punch through the company firewalls), I want to set up a firewall
> here at home on an old P133 that's kicking around in my study. Never having
> done a firewall with Linux before (I generally use Cisco PIX boxes), I was
> wondering if anyone has any positive or negative experiences to pass on, or
> whether there's anything I need to watch for?
>
> Ideally, I'd like to implement IPSec to create an encrypted VPN between home
> and work if possible (it's going to be secure and low latency because I'm
> also getting ADSL from the same ISP that we use for our leased line into
> work).
>
> What I'll probably do is set up two firewalls, one at home, and another one
> in the office that offers an alternative route bypassing our PIX in the
> office so if necessary, I can talk *nix to *nix to establish the VPN. Before
> anyone suggests IPSec on the PIX, ours is an old box with Cisco proprietary
> VPN, so IPSec is out of the question with that route.
>
> Suggestions on the back of a postcard please...
>
> Finally, perhaps I should add that I'll be using SuSE 7.2 Pro for the
> builds.
>
> TIA,
>
>
> --
> David Morris, IT Manager, ALLVAC Ltd, Sheffield
> work: david [at] allvac.co.uk
> home: david [at] brassedoff.net
> http://www.davidm.demon.co.uk
>
> ---------------------------------------------------------------------
> Sheffield Linux User's Group - http://www.sheflug.co.uk
> To unsubscribe from this list send mail to
> - <sheflug-request [at] vuw.ac.nz> - with the word
> "unsubscribe" in the body of the message.
>
> GNU the choice of a complete generation.
>
>
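
The Portsentry behaviour described in the reply above, modelled as an added example (not code from the post or from Portsentry itself): a connection to a watched port from a host outside an ignore list yields one reject route per source. The watched ports, the LAN range, the event format and the sample events are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (not from the post): watch list, LAN range and event format.
WATCHED_PORTS = {1, 111, 143, 540, 31337}                 # constructed watch list
IGNORE_NETS = [ipaddress.ip_network("127.0.0.0/8"),
               ipaddress.ip_network("192.168.1.0/24")]    # hypothetical LAN

# Constructed connection events, one per line: "<source ip> <destination port>"
SAMPLE_EVENTS = """\
192.168.1.20 111
203.0.113.7 80
203.0.113.7 111
203.0.113.7 143
198.51.100.9 31337
not-an-ip 111
"""

def is_ignored(addr):
    """True for hosts that must never be blocked (loopback, local network)."""
    return any(addr in net for net in IGNORE_NETS)

def react(events, watched=WATCHED_PORTS):
    """Return the reject-route commands a Portsentry-style responder would issue."""
    blocked, commands = set(), []
    for line in events.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[1].isdigit():
            continue                      # skip malformed records
        try:
            src = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                      # unparsed text never reaches a command line
        if int(parts[1]) not in watched or is_ignored(src) or src in blocked:
            continue                      # unwatched port, trusted host, or already blocked
        blocked.add(src)
        commands.append(f"/sbin/route add -host {src} reject")
    return commands

if __name__ == "__main__":
    for cmd in react(SAMPLE_EVENTS):
        print(cmd)                        # dry run: printed, not executed
```

The ignore list matters because a block keyed only on source address also cuts off hosts you depend on if they ever touch a watched port.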