| 1 |
Setup: |
| 2 |
Home Lan with principle desktop machine running Gentoo. |
| 3 |
Three other machines running WinXP that are a trio of video and sound |
| 4 |
editing machines. And finally my wifes WinXP machine in antoher room. |
| 5 |
All connected by Gigabit lan thru a netgear FVP318 router/firewall. |
| 6 |
|
| 7 |
I want to begin scanning thru the traffic that bounces off my |
| 8 |
router/firewall. |
| 9 |
|
| 10 |
The router logs themselves are in a bad cumbersom format. And if I |
| 11 |
use an available option to output them to a lan System logger the |
| 12 |
information is greatly truncated and nearly useless. |
| 13 |
|
| 14 |
Router logs can be emailed but again they are cumbersom and clunky. |
| 15 |
That how I currently look through them. |
| 16 |
|
| 17 |
So cutting to the chase, I don't want to even mess around with those |
| 18 |
methods. Been there done that... didn't like it. |
| 19 |
|
| 20 |
The router has an option to route traffic to a DMZ machine. In the |
| 21 |
past when I got this same urge 2 or so years ago I setup an Openbsd |
| 22 |
OS on an older PC. Buttoned it down what little I knew to do and had |
| 23 |
lots of fun with incoming traffic.... I mean just studying and being |
| 24 |
amazed etc. |
| 25 |
|
| 26 |
I want to do that again but don't have that old machine anymore and |
| 27 |
don't want the unfamiliar hassle of relearning whatever I knew about |
| 28 |
OpenBSD. |
| 29 |
|
| 30 |
I don't want the hassle of hardening my main desktop... preferring to |
| 31 |
keep it pretty loose behind the firewall. Running a lan webserver and |
| 32 |
the like. |
| 33 |
|
| 34 |
I wondered if any of the security buffs here could tell me if a vmware |
| 35 |
gentoo guest running on one of the winXP boxes could be setup to have |
| 36 |
an independant tap on the Firewall as DMZ and not be offering every |
| 37 |
hack whiz out there a shot at my home lan. |
| 38 |
|
| 39 |
As I remember you can setup vmware with its own network address, not |
| 40 |
sharing its hosts address to some degree. |
| 41 |
|
| 42 |
But I wondered.., since any traffic is really going thru that WinXP |
| 43 |
hosts nic one way or another if it would be as safe as a truly |
| 44 |
independant host with its own ethernet wire to the router. (which is |
| 45 |
switched). |
| 46 |
|
| 47 |
Would I likely be opening my lan up for some christmas shopping by |
| 48 |
having a gentoo guest on a WinXP host running as a DMZ machine? |
| 49 |
It would be pretty barebones with a IPTABLE setup for logging and |
| 50 |
tagging or whatever I get interested in doing with the traffic. |
| 51 |
|
| 52 |
No X server or other frills. |
| 53 |
|
| 54 |
-- |
| 55 |
gentoo-user@g.o mailing list |
Archives