[CLUE-Tech] Of Security and Firewalls..

Mon Mar 19 19:43:24 MST 2001

Isn't it amazing that here in remote Hawaii, we have had cable modems
for a long time, yet in High Tech Colorado, home of the marvelous DIA
tent, they are hard to come by.

Jim Intriglia wrote:
> 
> I checked out ClarkConnect web site - it is very impressive and would meet
> my Firewall, and Internet sharing needs (plus it is based on Red Hat V6.2
> which is what I'm running here).
> 
> The one challenge is that ClarkConnect requires a DSL/Cable Internet
> connection, which here in Conifer is non-existant. In the ClarkConnect
> discussion forum, there was a post that referenced Smoothwall
> (smoothwall.org) for those of us needing similar functionality with dialup
> access.
> 
> The ClarkConnect site did have some useful resources on firewalls and
> configuration, which I am reading through now.
> 
> Re: IPCHAINS vs IPTABLES, this almost sounds like the CGI/Java Servlets
> argument among web developers. (CGI was supposed to go away for a number of
> reasons, with Java servlets being the preferred method for enterprise
> development.) CGI is still very much evident in web development today. Thus,
> it seems logical to start reading-up/learning IPCHAINS as well as IPTABLES.
> 
> Thanks Roger and Brian; off to a good start.
> 
> :-)
> 
> -Jim
> 
> >From: rfrank <rfrank at rfrank.net>
> >Reply-To: clue-tech at clue.denver.co.us
> >To: clue-tech at clue.denver.co.us
> >Subject: Re: [CLUE-Tech] Of Security and Firewalls..
> >Date: Mon, 19 Mar 2001 16:22:56 -0700
> >
> >On Monday 19 March 2001 15:11, you wrote:
> > > Jim,
> > >
> > > I've had some of the same questions recently.  I definitely agree that
> > > IPTABLES is better and knowledge of such would be desired.  For myself,
> > > however, I also want to know and understand IPCHAINS well since I want
> >to
> > > be more involved in security and many systems in place are using the 2.2
> > > kernel.  It sounds like you are just wanting something to protect your
> >own
> > > network, so I'd go with the latest and best.
> > >
> > > Brian Jarrett
> >
> >Well, my project this past week has been to understand firewalls, IPCHAINS
> >as such.  After manually crafting one machine to do the job, I took an
> >orphan machine (an old 200 MHz box with a 1.6G hard drive) and decided
> >to give ClarkConnect a try (www.clarkconnect.org).  I am impressed.
> >
> >I downloaded an install diskette and an small (90 megabyte) iso download
> >that I burned to CD.  Then on the target machine I put in the floppy,
> >booted
> >it, put the CD in and sat back to watch.  It installed just the subset of
> >RH 6.2 that it needed plus ipchains and rc.firewall and portsentry and
> >samba and netatalk and apache and a cacheing nameserver and ssh.
> >It has everything there to turn on ftp and telnet if I want, and dhcpd too
> >but I left those off.  It is also doing masquerading and includes a
> >web-based configuration tool.  License is GPL.
> >
> >I logged in as root and compared my scripts with what ClarkConnect
> >did for the same topology.  My rc.firewall contained far fewer ipchains
> >entries but other than that, I was pretty close.  Then the fun began.
> >I did a shields-up scan of my site (www.linuxclssroom.org) and
> >the report was that the machine was cloaked: it had not only blocked
> >the ports, it appeared as if it had dropped of the net.  I checked the
> >logs and sure enough, there it was as blocked.  Sweet.
> >
> >Bottom line: learn all you can from net docs and helpful clue-techies
> >and try ClarkConnect to learn more and to stay safely on-line.
> >
> >Roger Frank
> >
> >_______________________________________________
> >CLUE-Tech mailing list
> >CLUE-Tech at clue.denver.co.us
> >http://clue.denver.co.us/mailman/listinfo/clue-tech
> 
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com
> 
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech