On Thursday 11 January 2007 22:15, Jorge Almeida wrote:
> On Thu, 11 Jan 2007, b.n. wrote:
>
> > Well, you can disable router firewalling and firewalling your box, why
> > not? Actually, that's the most sensible thing to do.
>
> I think I was confused and said nonsense. The box having a private IP
> doesn't preclude it seeing the IP of incoming packets, so I suppose I
> can have the router firewall active (whatever it may be) and also
> Shorewall on the workstation. After all, redundant security doesn't
> hurt.

That's how I have set up mine. The Netgear [ADSL modem/NAT router/SPI
firewall (stateful packet inspection)] box does its tricks, inc. acting as a
DHCP, DNS server and gateway for the boxen on the LAN, while each LAN machine
has an additional layer of security by running its own firewall.

BTW, my Netgear DG834 is running this much:
===============================================
cat /proc/version
Linux version 2.4.17_mvl21-malta-mips_fp_le (root@Run-P4) (gcc version 2.95.3
20010315 (release/MontaVista)) #6 Wed Sep 7 16:50:05 CST 2005

iptables
iptables v1.2.8: no command specified
===============================================

and this is what's in the box:
===============================================
cat /proc/cpuinfo
processor : 0
cpu model : MIPS 4KEc V4.8
BogoMIPS : 149.91
wait instruction : no
microsecond timers : yes
extra interrupt vector : yes
hardware watchpoint : yes
VCED exceptions : not available
VCEI exceptions : not available

cat /proc/meminfo
total: used: free: shared: buffers: cached:
Mem: 14757888 9375744 5382144 0 1011712 3612672
Swap: 0 0 0
MemTotal: 14412 kB
MemFree: 5256 kB
MemShared: 0 kB
Buffers: 988 kB
Cached: 3528 kB
SwapCached: 0 kB
Active: 1608 kB
Inactive: 4268 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 14412 kB
LowFree: 5256 kB
SwapTotal: 0 kB
SwapFree: 0 kB
===============================================

You configure the iptables using the web GUI, which runs on cgi scripts.
OpenWRT have a work-in-progress Linux image for it. Hopefully development
will continue because I really like to set up ssh access to it. There are
also ADSL routers in the market that have usb ports for attaching USB drives
to be accessed by LAN machines as network drives. Of course hacking the
kernel on a machine like DNS-120, which can accept USB flash or hard drives
and make them accessible from the Internet is probably a more interesting
proposition . . .
--
Regards,
Mick
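As an added example, not code from this thread: the workstation-side "second layer" Jorge and Mick describe, written as an iptables rule set for a single-interface LAN host that already sits behind the NAT/SPI router. The LAN range 192.168.0.0/24, the interface name eth0 and the SSH-from-LAN rule are assumptions; the script prints the rules for review and only loads them when run with --apply (as root).

```shell
#!/bin/sh
# Added example (not from the thread): host firewall for a LAN workstation
# behind a NAT/SPI router. Default-deny inbound, stateful replies allowed,
# services only reachable from the LAN. LAN_CIDR and WAN_IF are assumptions;
# override them in the environment for your network.
LAN_CIDR="${LAN_CIDR:-192.168.0.0/24}"
WAN_IF="${WAN_IF:-eth0}"

# Emit the rule set as iptables commands, one per line, so it can be reviewed.
workstation_rules() {
    lan="$1"; dev="$2"
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Stateful core: replies to connections this host opened (DNS, HTTP, ...)
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets the router's SPI should already have filtered; drop them anyway
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
# DHCP renewals from the router arrive as broadcast, not as a tracked reply
iptables -A INPUT -i $dev -p udp --sport 67 --dport 68 -j ACCEPT
# SSH only from the LAN, not from anything the router might port-forward
iptables -A INPUT -i $dev -s $lan -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Let LAN hosts ping us; rate-limited so a flood cannot fill the logs
iptables -A INPUT -i $dev -s $lan -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
# Log (rate-limited) and drop the rest so unexpected forwards become visible
iptables -A INPUT -m limit --limit 3/min -j LOG --log-prefix "ws-drop: "
iptables -A INPUT -j DROP
EOF
}

if [ "$1" = "--apply" ]; then
    workstation_rules "$LAN_CIDR" "$WAN_IF" | grep -v '^#' | sh -e
else
    workstation_rules "$LAN_CIDR" "$WAN_IF"
fi
```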