On Friday 14 December 2007, reader@×××××××.com wrote:
> Mick <michaelkintzios@×××××.com> writes:
> >> Would I likely be opening my lan up for some Christmas shopping by
> >> having a gentoo guest on a WinXP host running as a DMZ machine?
> >> It would be pretty barebones with an IPTABLE setup for logging and
> >> tagging or whatever I get interested in doing with the traffic.
> >>
> >> No X server or other frills.
> >
> > A rather simpler solution to do this would be to get hold of a hub, connect
> > it to the firewall and watch everything that passes through it.
>
> I do have an older hub, but not sure what you mean here. The hub has
> no network address and of course is not switched so anything going
> thru it can be filtered with tcpdump. But the router is switched.
> Not sure how a hub would see the outfacing address. I'd be able to
> see all the lan machines that were going thru it, but how about the
> traffic that the firewall is rejecting? That's what I'm after.
>
> Can you elaborate a little?
>
> Maybe you mean something different by `hub'.

I mean a hardware hub, not a switch and not a router. You need to place it
in-line between your router/switch and your modem. Being on the WAN side of
your NAT it will 'see' all the packets that go to/from the Internet
(unfiltered). On the other side of the router you get the filtered traffic
which, when compared/contrasted with the WAN side, will show you what the
router and its firewall are doing. I hope this is a bit clearer, otherwise
please email me if you think this is getting off topic.
-- 
Regards,
Mick
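The "compare/contrast the WAN side with the LAN side" step above, as an added example that is not part of the thread: two tcpdump text captures (constructed here, using documentation-range addresses) are reduced to inbound connection attempts and diffed, so whatever the hub saw on the WAN side but never reached the LAN side is what the router's firewall rejected. It assumes the NAT rewrites only the destination address, so a flow is keyed on remote address, remote port and destination port.

```python
import re
from typing import Iterable, List, NamedTuple, Set

# Matches the start of a tcpdump TCP line, e.g.
# "12:00:01.000000 IP 203.0.113.5.40000 > 198.51.100.10.22: Flags [S], seq 1, ..."
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)

class Flow(NamedTuple):
    # Key for an inbound attempt; the NAT rewrites the destination
    # address on the way to the LAN, so the key deliberately omits it.
    remote_ip: str
    remote_port: int
    dst_port: int

def inbound_syns(lines: Iterable[str], local_prefixes: tuple) -> Set[Flow]:
    """New inbound TCP connection attempts (SYN without ACK) whose
    destination address starts with one of our address prefixes."""
    flows = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # non-TCP or unrelated tcpdump output
        flags = m["flags"]
        if "S" not in flags or "." in flags:  # "." is tcpdump's ACK flag
            continue
        if not m["dst"].startswith(local_prefixes):
            continue
        flows.add(Flow(m["src"], int(m["sport"]), int(m["dport"])))
    return flows

def dropped_by_firewall(wan_lines, lan_lines, wan_addr: str, lan_prefix: str) -> List[Flow]:
    """Attempts seen on the WAN side of the NAT that never showed up on the
    LAN side: exactly the traffic the router's firewall rejected."""
    return sorted(inbound_syns(wan_lines, (wan_addr,)) - inbound_syns(lan_lines, (lan_prefix,)))

# Constructed sample captures (documentation-range addresses, not real hosts).
WAN_CAPTURE = [
    "12:00:01.000000 IP 203.0.113.5.40000 > 198.51.100.10.22: Flags [S], seq 1, win 64240, length 0",
    "12:00:02.000000 IP 203.0.113.5.40001 > 198.51.100.10.445: Flags [S], seq 2, win 64240, length 0",
    "12:00:03.000000 IP 198.51.100.10.51000 > 93.184.216.34.80: Flags [S], seq 3, win 64240, length 0",
    "12:00:04.000000 IP 203.0.113.5.40000 > 198.51.100.10.22: Flags [.], ack 1, win 64240, length 0",
]
LAN_CAPTURE = [
    "12:00:01.000100 IP 203.0.113.5.40000 > 192.168.1.20.22: Flags [S], seq 1, win 64240, length 0",
    "12:00:03.000000 IP 192.168.1.20.51000 > 93.184.216.34.80: Flags [S], seq 3, win 64240, length 0",
]
```

Running `dropped_by_firewall(WAN_CAPTURE, LAN_CAPTURE, "198.51.100.10", "192.168.1.")` on the sample reports the port 445 attempt only: the port 22 attempt was forwarded to 192.168.1.20 and the outbound web connection is not inbound at all.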