1 |
On Monday 08 January 2007 09:53, Dan <dan@×××××××××.cx> wrote about 'Re: |
2 |
[gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy': |
3 |
> I am not sure what you mean by this, but I do hope you'll consider |
4 |
> using a normal commodity PC as your router. |
5 |
|
6 |
He's already got a home router. Some Netgear model (see below). |
7 |
|
8 |
If the only thing your network is accessing the Internet, then a PC can |
9 |
work as a router effectively. However, if you want to take advantage of |
10 |
gigabit speeds (or more than a dozen 100mbit ports) you'll definitely want |
11 |
a dedicated solution -- the PCI bus just can't keep up. Maybe there's a |
12 |
solution in PCIe or PCI-X, since they do increase bandwidth, but I've yet |
13 |
to see a standard PC configured to handle that much bandwidth. |
14 |
|
15 |
> are you sure you want the internet traffic to go through the wifi |
16 |
> provider's ISP, through the worldwide web (tracepath gives routes that |
17 |
> you may find surprising for traffic in the neighborhood will often go |
18 |
> accross the nation for me), back through your home ISP, and into your |
19 |
> home network, then back again through your home ISP and back into the |
20 |
> world to the computer whose website you are attempting to browse? That's |
21 |
> a pretty convoluted trip. |
22 |
|
23 |
Well, by making that trip he does prevent attempts to sniff his data by the |
24 |
wifi provider (or when using non-secure wifi, anyone within range of his |
25 |
transmission). It sounds like he's setting up a ssh tunnel from a trusted |
26 |
system (his laptop) to another trusted system (his router) so his |
27 |
(plaintext) data can't be intercepted. (It could be intercepted as |
28 |
ciphertext but there's no good attacks against as ssh tunnel.) |
29 |
|
30 |
Note that SSL/TLS traffic doesn't gain any security by going though the |
31 |
tunnel and unencrypted traffic can still be sniffed on it's way between |
32 |
the trusted router and the server. |
33 |
|
34 |
-- |
35 |
"If there's one thing we've established over the years, |
36 |
it's that the vast majority of our users don't have the slightest |
37 |
clue what's best for them in terms of package stability." |
38 |
-- Gentoo Developer Ciaran McCreesh |