| 1 |
On Thursday 11 January 2007 22:15, Jorge Almeida wrote: |
| 2 |
> On Thu, 11 Jan 2007, b.n. wrote: |
| 3 |
|
| 4 |
> > Well, you can disable router firewalling and firewalling your box, why |
| 5 |
> > not? Actually, that's the most sensible thing to do. |
| 6 |
> |
| 7 |
> I think I was confused and said nonsense. The box having a private IP |
| 8 |
> doesn't preclude it seeing the IP of incoming packets, so I suppose I |
| 9 |
> can have the router firewall active (whatever it may be) and also |
| 10 |
> Shorewall on the workstation. After all, redundant security doesn't |
| 11 |
> hurt. |
| 12 |
|
| 13 |
That's how I have set up mine. The Netgear [ADSL modem/NAT router/SPI |
| 14 |
firewall (statefull packet inspection)] box does its tricks, inc. acting as a |
| 15 |
DHCP, DNS server and gateway for the boxen on the LAN, while each LAN machine |
| 16 |
has an additional layer of security by running its own firewall. |
| 17 |
|
| 18 |
BTW, my Netgear DG834 is running this much: |
| 19 |
=============================================== |
| 20 |
cat /proc/version |
| 21 |
Linux version 2.4.17_mvl21-malta-mips_fp_le (root@Run-P4) (gcc version 2.95.3 |
| 22 |
20010315 (release/MontaVista)) #6 Wed Sep 7 16:50:05 CST 2005 |
| 23 |
|
| 24 |
iptables |
| 25 |
iptables v1.2.8: no command specified |
| 26 |
=============================================== |
| 27 |
|
| 28 |
and this is what's in the box: |
| 29 |
=============================================== |
| 30 |
cat /proc/cpuinfo |
| 31 |
processor : 0 |
| 32 |
cpu model : MIPS 4KEc V4.8 |
| 33 |
BogoMIPS : 149.91 |
| 34 |
wait instruction : no |
| 35 |
microsecond timers : yes |
| 36 |
extra interrupt vector : yes |
| 37 |
hardware watchpoint : yes |
| 38 |
VCED exceptions : not available |
| 39 |
VCEI exceptions : not available |
| 40 |
|
| 41 |
cat /proc/meminfo |
| 42 |
total: used: free: shared: buffers: cached: |
| 43 |
Mem: 14757888 9375744 5382144 0 1011712 3612672 |
| 44 |
Swap: 0 0 0 |
| 45 |
MemTotal: 14412 kB |
| 46 |
MemFree: 5256 kB |
| 47 |
MemShared: 0 kB |
| 48 |
Buffers: 988 kB |
| 49 |
Cached: 3528 kB |
| 50 |
SwapCached: 0 kB |
| 51 |
Active: 1608 kB |
| 52 |
Inactive: 4268 kB |
| 53 |
HighTotal: 0 kB |
| 54 |
HighFree: 0 kB |
| 55 |
LowTotal: 14412 kB |
| 56 |
LowFree: 5256 kB |
| 57 |
SwapTotal: 0 kB |
| 58 |
SwapFree: 0 kB |
| 59 |
=============================================== |
| 60 |
|
| 61 |
You configure the iptables using the web GUI, which runs on cgi scripts. |
| 62 |
OpenWRT have a work-in-progress Linux image for it. Hopefully development |
| 63 |
will continue because I really like to set up ssh access to it. There are |
| 64 |
also ADSL routers in the market that have usb ports for attaching USB drivers |
| 65 |
to be accessed by LAN machines as network drivers. Of course hacking the |
| 66 |
kernel on a machine like DNS-120, which can accept USB flash or hard drives |
| 67 |
and make them accessible from the Internet is probably a more interesting |
| 68 |
proposition . . . |
| 69 |
-- |
| 70 |
Regards, |
| 71 |
Mick |
Archives