[CLUE-Tech] sshd question

Nate Duehr nate at natetech.com
Wed Dec 1 09:52:24 MST 2004


Joseph A. Nagy, Jr. wrote:

>On Wed, Dec 01, 2004 at 07:19:05AM -0700, Chris Schock wrote the following:
>  
>
>>What is your [hardware] firewall? Sounds like the problem is there.
>>
>>Is it a linksys wrt54g by any chance? I have one of those, and
>>occasionally it "forgets" to forward ports. Also the Qwest Actiontec DSL
>>routers are fairly flakey and occasionally require power resets.
>>    
>>
>
>I have that exact same problem and it is highly annoying. Due to the need to
>have other computers easily access the network I'm forced to use it (I
>haven't learned how to turn my box into a mini-router yet), that and the
>fact I have problems keeping this box up more than a few days at a time due
>to a bad CRCCheck/sector on my WD hdd. 
>  
>
If you have a box that's not "doing anything", I have used 
SmoothWall's free version and have great reports from friends who like 
IPCop, which I believe was a spin-off of that, for dedicated little 
firewall boxes. 

www.ipcop.org

One of the "fun" things I've played with was setting up an IPSec VPN 
between my house and a friend's.  We didn't have any clashes on our RFC 
1918 space, so we were able to just treat each other's networks as 
"local" if we were inside the firewalls... kinda funny to spew something 
out on his HP Color LaserJet from across town when he wasn't expecting 
it.  (Or during a phone call -- "Where'd you see that?", "Ahh, it's 
coming out of your printer now."  LOL.)

(Yeah yeah, I know VPNs are old news - it was just fun to do it for 
something non-work related.)

I'm thinking I'll probably build up a new IPCop machine using one of the 
dual NIC Via Eden mini-ITX motherboards -- the firewall is on 24/7 and 
switching to a machine that draws very little power (~70W) is 
appealing.  The old Pentium II that's doing the job right now is noisy, 
and judging by the heat dissipation uses a lot more than 70W just 
sitting there routing packets and logging stuff.

The nicest part about these "pre-made" security type distros is that all 
the toys one would normally integrate (like MRTG graphs for interface 
use statistics) are already baked in.  I would recommend at least going 
through writing your own IPTables ruleset and learning how it works 
properly at least once, but if you've done that and you just "want to 
get the firewall built and finished so I can do something else with my 
time this week/day/whatever", the little security/firewall distros are 
pretty nifty.

Oh and just for fun, the Gentoo-heads on the list will be 
happy/proud/terrified/scared to note that I'm turning (quickly) into a 
Gentoo religious convert.  ;-) 

The laptop's all "Gentoo-ized" including doing a Stage I build with 
"nptl" in the USE, and working on getting a Via Eden 500 board to play 
nicely.  It barfed on sunrpc last night during the bootstrap.  :-(  I 
think I had the CFLAGS wrong for the Via Eden. 

Nate