Glen Lee Edwards <[EMAIL PROTECTED]> writes:

> 5) Having a tight firewall is like living in a fenced in yard. No one can get
> in, but you can't get out. I have no desire to live on an island.

I found it a big pain in the butt fussing with ipchains and then iptables too so finally got a hardware firewall/router. (Others have suggested it too.) Mine is a NETGEAR FR-314. Costs around $200 now but there are considerably cheaper ones.

I can't really recommend the FR-314 because of its lack of any text based interface. It's all done thru a very sucky java script interface from a browser. But actually is very easy to set up. It took some initial fussing and a couple of calls to tech help but, once set to a basic config it requires little or no maintenance. Is totally silent, produces no heat and is small.

It is what is known as `stateful' and allows full NATing with fairly simple choices on a java based interface. That just means it knows what connections go to which machine and how to translate them. It is a switched hub which is one step toward security by itself.

The NATing just means you can earmark an internal machine as a server of just about any type, and have the router send connections on that port to the earmarked machine only. You could be conceivably running every service known to man on an internal machine but unless you set the NATing up to point at it, it will be invisible from the internet.

An nmap from the internet should show nothing open at all. Unless you've specified some specific service to offer to the world. But, still all your normal outgoing packets will get thru and any responses to them will be routed back thru. I see dozens of hack attempts every week and a few each day getting dropped.

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
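
The behaviour described in the message above (outbound connections create state, replies are translated back, one port is earmarked for an internal server, everything else inbound is dropped) can be modelled in a few lines. This is an added example, not part of the original post and not the FR-314's actual logic; the class `StatefulNat`, the addresses and the port numbers are all constructed for illustration, and the model assumes the router matches replies on remote address and port.

```python
"""Toy model of a stateful NAT router: outbound flows create state,
inbound packets pass only if they match state or a port-forward rule."""

WAN_IP = "203.0.113.1"   # constructed public address (documentation range)

class StatefulNat:
    def __init__(self, wan_ip, forwards=None):
        self.wan_ip = wan_ip
        self.forwards = dict(forwards or {})  # wan_port -> (lan_ip, lan_port)
        self.by_flow = {}   # (lan_ip, lan_port, dst_ip, dst_port) -> wan_port
        self.by_wan = {}    # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.next_port = 40000
        self.dropped = []   # unsolicited packets, kept for the drop log

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """A LAN host opens a connection; return the translated source."""
        flow = (lan_ip, lan_port, dst_ip, dst_port)
        if flow not in self.by_flow:
            wan_port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = wan_port
            self.by_wan[(wan_port, dst_ip, dst_port)] = (lan_ip, lan_port)
        return (self.wan_ip, self.by_flow[flow])

    def inbound(self, src_ip, src_port, wan_port):
        """A packet arrives from the internet; return the LAN target or None."""
        target = self.by_wan.get((wan_port, src_ip, src_port))
        if target is None:                       # no matching state:
            target = self.forwards.get(wan_port)  # is the port earmarked?
        if target is None:
            self.dropped.append((src_ip, src_port, wan_port))
        return target

def demo():
    # Only port 80 is earmarked, pointing at one internal web server.
    nat = StatefulNat(WAN_IP, forwards={80: ("192.168.0.10", 8080)})
    src = nat.outbound("192.168.0.20", 51000, "198.51.100.7", 443)
    return {
        "translated_source": src,
        "reply": nat.inbound("198.51.100.7", 443, src[1]),
        "spoofed_reply": nat.inbound("192.0.2.99", 443, src[1]),
        "forwarded": nat.inbound("192.0.2.99", 33333, 80),
        "unsolicited_ssh": nat.inbound("192.0.2.99", 33333, 22),
        "dropped": len(nat.dropped),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
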