I thought @home was going out of business?  Up until several days ago, I
would have had an @home address.  So maybe that's a caveat.  Also, as you
have been told, different ISPs may do things quite differently (and even the
same ISP may change things around).  My ISP did block some ports.  Also,
many people have noticed that they will portscan you looking for news (119;
is this a big problem!?) and perhaps http (80) which is a little annoying.
And then your neighbors will be scanning you like mad, at least most of my
scans arise from what was the @home.com network and they are fairly
numerous.

I have a setup like what you describe.  I have an old 486 computer with two
NICs acting as router and firewall.  One interface is physically attached to
the cable modem and one to my LAN hub.  To run the device, I use a Linux
distro designed for this called LRP or LEAF.  See
http://leaf.sourceforge.net.  I specifically have used Eigerstein and now
use Dachstein.  It took me a little while to get used to this stripped-down
version of Debian but I like it now.  One thing I like is that it boots from
a single floppy.  So after I get the machine all set up, I write protect the
floppy and the router configuration cannot be compromised permanently.
Power cycling the machine provides a virgin installation of the OS in a few
seconds.  Also since the fs is msdos, you can copy and save this floppy on
any system, making it really easy to back up your settings.  The leaf users
mailing list is very helpful albeit fairly high volume.

Some services are known to be problematic with firewalls.  I have used
napster, AOL IM (the actual AOL Windows version and gaim), ICQ, Unreal
Tournament, and ftp through this setup.  I have heard that some more exotic
protocols have difficulty.  I was *not* able to use an IPSec VPN client with
the old (2.2-based) LEAF but I am told that the new versions include needed
kernel support.  The problem with these sorts of protocols is that they are
encrypted.  So the internal IP gets stuffed into a packet, then the packet
is rendered opaque, then wrapped in a second packet and sent out... the NAT
router rewrites the IP on the second packet but cannot access the encrypted
payload.  There are apparently some ways to overcome this but a kernel
module must be coded for the specific protocols and then you need to load it
on your router.

If you have the Linksys product which I'm thinking of, this is roughly
equivalent.  Probably the Linux box can do more interesting things and you
have more options if something doesn't work.  A friend with one of those
Linksys router/hub combinations did get the IPSec VPN client working after
upgrading the firmware.  The Linksys is a much smaller footprint and
probably easier to get configured.  OTOH, it's not like I am dying to
configure my router each day... I set it up and forget about it.  And LEAF
isn't that hard; now that I understand Linux things like getting my two
ancient ISA NICs running, I had a firewall/router with sshd, http-based
monitoring, dhcp (both as a client to my ISP and as a server to my internal
network) running inside of a couple hours, including the dial-up downloads
and documentation reading.  The most time-consuming part was shoe-horning
all that onto one floppy (openssh is fairly large).

Also, I previously used my RH Linux desktop machine for this purpose.  It
was easy to set up and it worked fine.  I switched because I thought, from a
security standpoint, that LEAF was probably a lot more secure.  It doesn't
run many services.  It is booted from a physically write-protected medium.
IIRC, it includes kernels with less stuff and more security patches.  And I
think it's just as well to use a widely-used package created by people who
are obviously more knowledgeable about this than I, rather than re-inventing
the wheel (e.g., writing my own firewall rules).

HTH,

-Alan

----- Original Message -----
From: Ashley M. Kirchner <[EMAIL PROTECTED]>
To: Red Hat Mailing List <[EMAIL PROTECTED]>
Sent: Saturday, February 23, 2002 6:42 PM
Subject: AT&T @home


> Does anyone have AT&T @home service coming in to their Linux machine,
> and masqed machines behind that?  Any caveats I need to be aware of before I
> do this?
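The IPSec-through-NAT problem Alan describes above, as an added toy model (not code from the original post or from the LEAF project): the LAN host seals an inner packet carrying its private address inside an outer packet, the masquerading router rewrites only the outer header, and the remote gateway either sees an unroutable private address inside or, when the tunnel also authenticates the outer header (AH-style, an assumption that goes slightly beyond the post), rejects the rewritten packet as tampered. The cipher, key and addresses are constructed stand-ins.

```python
import hmac, hashlib, json

KEY = b"constructed-demo-key"  # shared by the two tunnel endpoints only

def xor_seal(data: bytes, key: bytes) -> bytes:
    """Stand-in for the tunnel cipher: symmetric, opaque without KEY."""
    stream = hashlib.sha256(key).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(data))

def build_tunnel_packet(inner_src, inner_dst, payload, outer_src, outer_dst):
    """LAN host: encrypt the inner IP packet, wrap it in an outer packet."""
    inner = json.dumps({"src": inner_src, "dst": inner_dst, "data": payload}).encode()
    outer = {"src": outer_src, "dst": outer_dst, "esp": xor_seal(inner, KEY).hex()}
    # AH-style integrity check covering the whole packet, outer header included.
    outer["icv"] = hmac.new(KEY, json.dumps(outer, sort_keys=True).encode(),
                            hashlib.sha256).hexdigest()
    return outer

def nat_rewrite(pkt, public_ip):
    """Masquerading router: it can only touch the visible outer header."""
    rewritten = dict(pkt)
    rewritten["src"] = public_ip  # the encrypted inner address is unreachable
    return rewritten

def receive(pkt, verify=True):
    """Remote VPN gateway: check integrity (if used), then decrypt the inner packet."""
    body = {k: v for k, v in pkt.items() if k != "icv"}
    expected = hmac.new(KEY, json.dumps(body, sort_keys=True).encode(),
                        hashlib.sha256).hexdigest()
    if verify and not hmac.compare_digest(expected, pkt["icv"]):
        return {"ok": False, "reason": "integrity check failed: header rewritten in transit"}
    inner = json.loads(xor_seal(bytes.fromhex(pkt["esp"]), KEY))
    # Without the check, the tunnel comes up but replies go to a private address.
    return {"ok": True, "inner_src": inner["src"], "outer_src": pkt["src"]}

if __name__ == "__main__":
    pkt = build_tunnel_packet("192.168.1.10", "10.0.0.5", "hello",
                              "192.168.1.10", "203.0.113.7")
    natted = nat_rewrite(pkt, "198.51.100.2")
    print(receive(natted))                # rejected: outer header no longer matches
    print(receive(natted, verify=False))  # accepted, but inner_src is still 192.168.1.10
```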

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
