| 1 |
Mick <michaelkintzios@×××××.com> writes: |
| 2 |
|
| 3 |
> On Friday 14 December 2007, reader@×××××××.com wrote: |
| 4 |
>> Mick <michaelkintzios@×××××.com> writes: |
| 5 |
>> >> Would I likely be opening my lan up for some christmas shopping by |
| 6 |
>> >> having a gentoo guest on a WinXP host running as a DMZ machine? |
| 7 |
>> >> It would be pretty barebones with a IPTABLE setup for logging and |
| 8 |
>> >> tagging or whatever I get interested in doing with the traffic. |
| 9 |
>> >> |
| 10 |
>> >> No X server or other frills. |
| 11 |
>> > |
| 12 |
>> > A rather simpler solution to do this would be to get hold of hub, connect |
| 13 |
>> > it to the firewall and watch everything that passes through it. |
| 14 |
>> |
| 15 |
>> I do have an older hub, but not sure what you mean here. The hub has |
| 16 |
>> no network address and of course is not switched so anything going |
| 17 |
>> thru it can be filtered with tcpdump. But the router is switched. |
| 18 |
>> Not sure how a hub would see the outfacing address. I'd be able to |
| 19 |
>> see all the lan machines that were going thru it, but how about the |
| 20 |
>> traffic that the firewall is rejecting? Thats what I'm after. |
| 21 |
>> |
| 22 |
>> Can you elaborate a little? |
| 23 |
>> |
| 24 |
>> Maybe you mean something different by `hub'. |
| 25 |
> |
| 26 |
> I mean a hardware hub, not a switch and not a router. You need to place it |
| 27 |
> in-line between your router/switch and your modem. Being on the WAN side of |
| 28 |
> your NAT it will 'see' all the packets that go to/from the Internet |
| 29 |
> (unfiltered). On the other side of the router you get the filtered traffic |
| 30 |
> which when compared/contrasted with the WAN side will show you what the |
| 31 |
> router and it's firewall are doing. I hope this is a bit clearer, otherwise |
| 32 |
> please email me if you think this is getting off topic. |
| 33 |
|
| 34 |
I guess someone will squawk if they think it is not topical here, but |
| 35 |
it I think it should be ok since its about a specific setup involving |
| 36 |
a gentoo box or hardened VM gentoo guest. |
| 37 |
|
| 38 |
Below is a ascii art diagram of my simple network. I think you are |
| 39 |
talking about placing the hub as shown there. If I got that right |
| 40 |
then what I don't understand is how you talk to the hub. I mean if |
| 41 |
you connect it to any machine in the diagram or elsewhere wouldn't you |
| 42 |
be exposing that machine to the unfiltered internet? |
| 43 |
|
| 44 |
It still seems you would need somekind of hardened interface to that |
| 45 |
hub, but I'm probably not understanding how it would work.. |
| 46 |
|
| 47 |
|
| 48 |
ISP ISP |
| 49 |
^ |
| 50 |
^ |
| 51 |
| |
| 52 |
DSL Modem |
| 53 |
| |
| 54 |
XXXXX <= hub |
| 55 |
| |
| 56 |
| |
| 57 |
-------------NetGearRouter/switch---------------------- |
| 58 |
| | | | |
| 59 |
| | | | |
| 60 |
| | | | |
| 61 |
---------- ---------- --------- ---------- |
| 62 |
Gentoo WinXP WinXP WinXP |
| 63 |
|
| 64 |
|
| 65 |
-- |
| 66 |
gentoo-user@g.o mailing list |
Archives