[CLUE-Tech] Of Security and Firewalls..

Jim Intriglia jimintriglia at hotmail.com
Tue Mar 20 00:32:48 MST 2001


I checked out the ClarkConnect web site - it is very impressive and would meet
my firewall and Internet sharing needs (plus it is based on Red Hat V6.2,
which is what I'm running here).

The one challenge is that ClarkConnect requires a DSL/Cable Internet 
connection, which here in Conifer is non-existent. In the ClarkConnect
discussion forum, there was a post that referenced Smoothwall 
(smoothwall.org) for those of us needing similar functionality with dialup 
access.

The ClarkConnect site did have some useful resources on firewalls and 
configuration, which I am reading through now.

Re: IPCHAINS vs IPTABLES, this almost sounds like the CGI/Java Servlets 
argument among web developers. (CGI was supposed to go away for a number of 
reasons, with Java servlets being the preferred method for enterprise 
development.) CGI is still very much evident in web development today. Thus, 
it seems logical to start reading-up/learning IPCHAINS as well as IPTABLES.

Thanks Roger and Brian; off to a good start.

:-)

-Jim

>From: rfrank <rfrank at rfrank.net>
>Reply-To: clue-tech at clue.denver.co.us
>To: clue-tech at clue.denver.co.us
>Subject: Re: [CLUE-Tech] Of Security and Firewalls..
>Date: Mon, 19 Mar 2001 16:22:56 -0700
>
>On Monday 19 March 2001 15:11, you wrote:
> > Jim,
> >
> > I've had some of the same questions recently.  I definitely agree that
> > IPTABLES is better and knowledge of such would be desired.  For myself,
> > however, I also want to know and understand IPCHAINS well since I want to
> > be more involved in security and many systems in place are using the 2.2
> > kernel.  It sounds like you are just wanting something to protect your own
> > network, so I'd go with the latest and best.
> >
> > Brian Jarrett
>
>Well, my project this past week has been to understand firewalls, IPCHAINS
>as such.  After manually crafting one machine to do the job, I took an
>orphan machine (an old 200 MHz box with a 1.6G hard drive) and decided
>to give ClarkConnect a try (www.clarkconnect.org).  I am impressed.
>
>I downloaded an install diskette and a small (90 megabyte) iso download
>that I burned to CD.  Then on the target machine I put in the floppy, booted
>it, put the CD in and sat back to watch.  It installed just the subset of
>RH 6.2 that it needed plus ipchains and rc.firewall and portsentry and
>samba and netatalk and apache and a caching nameserver and ssh.
>It has everything there to turn on ftp and telnet if I want, and dhcpd too
>but I left those off.  It is also doing masquerading and includes a
>web-based configuration tool.  License is GPL.
>
>I logged in as root and compared my scripts with what ClarkConnect
>did for the same topology.  My rc.firewall contained far fewer ipchains
>entries but other than that, I was pretty close.  Then the fun began.
>I did a shields-up scan of my site (www.linuxclssroom.org) and
>the report was that the machine was cloaked: it had not only blocked
>the ports, it appeared as if it had dropped off the net.  I checked the
>logs and sure enough, there it was as blocked.  Sweet.
>
>Bottom line: learn all you can from net docs and helpful clue-techies
>and try ClarkConnect to learn more and to stay safely on-line.
>
>Roger Frank
