On Sunday 14 Dec 2003 5:37 am, Lyvim Xaphir wrote:
>  Even at its basic configuration, Shorewall is much better
> than a hardware router.

Would you elaborate on that Lyvim? My limited experience is the opposite.
My router has stateful iptables (or ipchains?) and is pretty much as 
configurable as a Linux setup, with the added advantage that hostile traffic 
never gets to a full OS, where it may do more harm. Many of them also support 
UPnP, so windows users can use IM video if they must.

> Hardware routers are generally for Mac users or non-tech types.  That's
> fine, but if you are looking for knowledge, a router appliance is not
> going to get you there; in fact I recommend against it.

Even if one is looking for knowledge, there is plenty of stuff to learn in 
Linux without having to learn a safe level of capability with iptables. This 
is one area in which a little knowledge is a very dangerous thing. A 
dedicated router simplifies the iptables setup with connection sharing, 
because the router can do the filtering and there is no extra work to share 
the connection - all machines are equal. Whereas using the Linux box 
complicates the iptables configuration.

IMO, the best configuration has two rules: everything out, nothing in. (Most 
of the hostile outgoing traffic is going to be SMTP or HTTP anyway.) Adding 
connection sharing to these rules makes them a lot more complex, and every 
rule added has a chance of being wrong.

-- 
Richard Urwin

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
