[CLUE-Tech] Of Security and Firewalls..
Cyberclops
Cyberclops at hawaii.rr.com
Mon Mar 19 19:43:24 MST 2001
Isn't it amazing that here in remote Hawaii, we have had cable modems
for a long time, yet in High Tech Colorado, home of the marvelous DIA
tent, they are hard to come by.
Jim Intriglia wrote:
>
> I checked out ClarkConnect web site - it is very impressive and would meet
> my Firewall, and Internet sharing needs (plus it is based on Red Hat V6.2
> which is what I'm running here).
>
> The one challenge is that ClarkConnect requires a DSL/Cable Internet
> connection, which here in Conifer is non-existant. In the ClarkConnect
> discussion forum, there was a post that referenced Smoothwall
> (smoothwall.org) for those of us needing similar functionality with dialup
> access.
>
> The ClarkConnect site did have some useful resources on firewalls and
> configuration, which I am reading through now.
>
> Re: IPCHAINS vs IPTABLES, this almost sounds like the CGI/Java Servlets
> argument among web developers. (CGI was supposed to go away for a number of
> reasons, with Java servlets being the preferred method for enterprise
> development.) CGI is still very much evident in web development today. Thus,
> it seems logical to start reading-up/learning IPCHAINS as well as IPTABLES.
>
> Thanks Roger and Brian; off to a good start.
>
> :-)
>
> -Jim
>
> >From: rfrank <rfrank at rfrank.net>
> >Reply-To: clue-tech at clue.denver.co.us
> >To: clue-tech at clue.denver.co.us
> >Subject: Re: [CLUE-Tech] Of Security and Firewalls..
> >Date: Mon, 19 Mar 2001 16:22:56 -0700
> >
> >On Monday 19 March 2001 15:11, you wrote:
> > > Jim,
> > >
> > > I've had some of the same questions recently. I definitely agree that
> > > IPTABLES is better and knowledge of such would be desired. For myself,
> > > however, I also want to know and understand IPCHAINS well since I want
> >to
> > > be more involved in security and many systems in place are using the 2.2
> > > kernel. It sounds like you are just wanting something to protect your
> >own
> > > network, so I'd go with the latest and best.
> > >
> > > Brian Jarrett
> >
> >Well, my project this past week has been to understand firewalls, IPCHAINS
> >as such. After manually crafting one machine to do the job, I took an
> >orphan machine (an old 200 MHz box with a 1.6G hard drive) and decided
> >to give ClarkConnect a try (www.clarkconnect.org). I am impressed.
> >
> >I downloaded an install diskette and an small (90 megabyte) iso download
> >that I burned to CD. Then on the target machine I put in the floppy,
> >booted
> >it, put the CD in and sat back to watch. It installed just the subset of
> >RH 6.2 that it needed plus ipchains and rc.firewall and portsentry and
> >samba and netatalk and apache and a cacheing nameserver and ssh.
> >It has everything there to turn on ftp and telnet if I want, and dhcpd too
> >but I left those off. It is also doing masquerading and includes a
> >web-based configuration tool. License is GPL.
> >
> >I logged in as root and compared my scripts with what ClarkConnect
> >did for the same topology. My rc.firewall contained far fewer ipchains
> >entries but other than that, I was pretty close. Then the fun began.
> >I did a shields-up scan of my site (www.linuxclssroom.org) and
> >the report was that the machine was cloaked: it had not only blocked
> >the ports, it appeared as if it had dropped of the net. I checked the
> >logs and sure enough, there it was as blocked. Sweet.
> >
> >Bottom line: learn all you can from net docs and helpful clue-techies
> >and try ClarkConnect to learn more and to stay safely on-line.
> >
> >Roger Frank
> >
> >_______________________________________________
> >CLUE-Tech mailing list
> >CLUE-Tech at clue.denver.co.us
> >http://clue.denver.co.us/mailman/listinfo/clue-tech
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com
>
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
More information about the clue-tech
mailing list