[CLUE-Tech] sshd question
Nate Duehr
nate at natetech.com
Wed Dec 1 09:52:24 MST 2004
Joseph A. Nagy, Jr. wrote:
>On Wed, Dec 01, 2004 at 07:19:05AM -0700, Chris Schock wrote the following:
>
>
>>What is your [hardware] firewall? Sounds like the problem is there.
>>
>>Is it a linksys wrt54g by any chance? I have one of those, and
>>occasionally it "forgets" to forward ports. Also the Qwest Actiontec DSL
>>routers are fairly flakey and occasionally require power resets.
>>
>>
>
>I have that exact same problem and it is highly annoying. Due to the need to
>have other computers easily access the network I'm forced to use it (I
>haven't learned how to turn my box into a mini-router yet), that and the
>fact I have problems keeping this box up more than a few days at a time due
>to a bad CRCCheck/sector on my WD hdd.
>
>
If you have a box that's not "doing anything", I have used
SmoothWall's free version and have great reports from friends who like
IPCop which I believe was a spin-off of that for dedicated little
firewall boxes.
www.ipcop.org
One of the "fun" things I've played with was setting up an IPSec VPN
between my house and a friend's. We didn't have any clashes on our RFC
1918 space, so we were able to just treat each other's networks as
"local" if we were inside the firewalls... kinda funny to spew something
out on his HP Color LaserJet from across town when he wasn't expecting
it. (Or during a phone call -- "Where'd you see that?", "Ahh, it's
coming out of your printer now." LOL.)
(Yeah yeah, I know VPNs are old news - it was just fun to do it for
something non-work related.)
I'm thinking I'll probably build up a new IPCop machine using one of the
dual NIC Via Eden mini-ITX motherboards -- the firewall is on 24/7 and
switching to a machine that draws very little power (~70W) is
appealing. The old Pentium II that's doing the job right now is noisy,
and judging by the heat dissipation uses a lot more than 70W just
sitting there routing packets and logging stuff.
The nicest part about these "pre-made" security type distros is that all
the toys one would normally integrate (like MRTG graphs for interface
use statistics) are already baked in. I would recommend at least going
through writing your own IPTables ruleset and learning how it works
properly at least once, but if you've done that and you just "want to
get the firewall built and finished so I can do something else with my
time this week/day/whatever", the little security/firewall distros are
pretty nifty.
Oh and just for fun, the Gentoo-heads on the list will be
happy/proud/terrified/scared to note that I'm turning (quickly) into a
Gentoo religious convert. ;-)
The laptop's all "Gentoo-ized" including doing a Stage I build with
"nptl" in the USE, and working on getting a Via Eden 500 board to play
nicely. It barfed on sunrpc last night during the bootstrap. :-( I
think I had the CFLAGS wrong for the Via Eden.
Nate