1 |
Setup: |
2 |
Home Lan with principle desktop machine running Gentoo. |
3 |
Three other machines running WinXP that are a trio of video and sound |
4 |
editing machines. And finally my wifes WinXP machine in antoher room. |
5 |
All connected by Gigabit lan thru a netgear FVP318 router/firewall. |
6 |
|
7 |
I want to begin scanning thru the traffic that bounces off my |
8 |
router/firewall. |
9 |
|
10 |
The router logs themselves are in a bad cumbersom format. And if I |
11 |
use an available option to output them to a lan System logger the |
12 |
information is greatly truncated and nearly useless. |
13 |
|
14 |
Router logs can be emailed but again they are cumbersom and clunky. |
15 |
That how I currently look through them. |
16 |
|
17 |
So cutting to the chase, I don't want to even mess around with those |
18 |
methods. Been there done that... didn't like it. |
19 |
|
20 |
The router has an option to route traffic to a DMZ machine. In the |
21 |
past when I got this same urge 2 or so years ago I setup an Openbsd |
22 |
OS on an older PC. Buttoned it down what little I knew to do and had |
23 |
lots of fun with incoming traffic.... I mean just studying and being |
24 |
amazed etc. |
25 |
|
26 |
I want to do that again but don't have that old machine anymore and |
27 |
don't want the unfamiliar hassle of relearning whatever I knew about |
28 |
OpenBSD. |
29 |
|
30 |
I don't want the hassle of hardening my main desktop... preferring to |
31 |
keep it pretty loose behind the firewall. Running a lan webserver and |
32 |
the like. |
33 |
|
34 |
I wondered if any of the security buffs here could tell me if a vmware |
35 |
gentoo guest running on one of the winXP boxes could be setup to have |
36 |
an independant tap on the Firewall as DMZ and not be offering every |
37 |
hack whiz out there a shot at my home lan. |
38 |
|
39 |
As I remember you can setup vmware with its own network address, not |
40 |
sharing its hosts address to some degree. |
41 |
|
42 |
But I wondered.., since any traffic is really going thru that WinXP |
43 |
hosts nic one way or another if it would be as safe as a truly |
44 |
independant host with its own ethernet wire to the router. (which is |
45 |
switched). |
46 |
|
47 |
Would I likely be opening my lan up for some christmas shopping by |
48 |
having a gentoo guest on a WinXP host running as a DMZ machine? |
49 |
It would be pretty barebones with a IPTABLE setup for logging and |
50 |
tagging or whatever I get interested in doing with the traffic. |
51 |
|
52 |
No X server or other frills. |
53 |
|
54 |
-- |
55 |
gentoo-user@g.o mailing list |