Thomas Ribbrock <[EMAIL PROTECTED]> writes:
[...]
>> I found it a big pain in the butt fussing with ipchains and then
>> iptables too so finally got a hardware firewall/router.
> [...]
>
>> It is what is known as `stateful' and allows full NATing with fairly
>> simple choices on a java based interface.
>>
>> That just means it knows what connections go to which machine and how
>> to translate them. It is a switched hub which is one step toward
>> security by itself. The NATing just means you can earmark an internal
>> machine as a server of just about any type, and have the router send
>> connections on that port to the earmarked machine only.
> [...]
>
> No fancy Java-based interface, but you can get stateful firewalling and NAT
> with an OpenBSD machine as well - and those folks have a good track record
> and - contrary to Linux, unfortunately - *excellent* documentation and
> man pages. I've been using it on an old Sparc Classic as firewall for my
> small home network for quite some time. See http://www.opensbsd.org

My message was pointing to the hardware router solution. The point being to show a less hassle-prone avenue to some semi-decent security. I seriously doubt the OP would have been hacked at all with one in place. Even a stock install with everything turned on, like we used to have pre 7.0, would show goose eggs to an nmap scan from the internet.

Java based interface is a negative aspect in my view. Text would be easier and certainly more editable.

If you're going the software OS route, no need to go OpenBSD, since iptables is fully capable of both items. The OpenBSD ipfilter setup is no less hassle than iptables in my opinion. That is, if you survive the installation of OpenBSD, in particular the fdisk/disklabel hell one is presented with on install. Anyone familiar with linux fdisk would sooner shoot themselves than use the one supplied with OpenBSD :-).
Either ipfilter or iptables is vastly more configurable than a hardware router, but both make heat, noise, take space, and require close maintenance. Often reconfiguration with even smallish changes in usage or needs. Not to mention nearly encyclopedic knowledge of networking/firewalling. If you don't mind or even like the noise, heat, space loss, and constant pain in the ass maintenance, and you prefer spending hours/days reading about and experimenting with the ins and outs of firewall/networking, then the OS (iptables/ipfilter) route can answer all your masochistic needs.

My own choice currently is to do both.... yeah. I'm running a hardware firewall, and doing all that masochistic stuff behind it in some degree of safety. I've built a fake internet, a network within a network, to practice on. And satisfy that inner need to have confusing pain in the ass stuff to have to deal with... hehe.

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
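The post says iptables covers the two things the hardware router gives you, stateful filtering and NAT with a single port earmarked for one internal machine. As an added example (not from the list post or from either poster), the script below emits such a ruleset: default-deny on INPUT and FORWARD, connection state tracking so only replies and one forwarded port get in from the outside, and masquerading for the LAN. Interface names, addresses and the forwarded port are assumptions; it prints the rules for review and only applies them when run with the argument `apply` as root.

```shell
#!/bin/sh
# Added example, not the poster's own setup. All values below are
# assumptions; override them through the environment for a real box.
WAN_IF="${WAN_IF:-eth0}"            # assumed Internet-facing interface
LAN_IF="${LAN_IF:-eth1}"            # assumed internal interface
LAN_NET="${LAN_NET:-192.168.1.0/24}" # assumed internal network
SERVER="${SERVER:-192.168.1.10}"    # assumed internal host to earmark
PORT="${PORT:-80}"                  # assumed TCP port forwarded to it

# Emit the ruleset one command per line so it can be read (or checked)
# before anything touches the kernel.
fw_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $PORT -j DNAT --to-destination $SERVER:$PORT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $SERVER --dport $PORT -m state --state NEW -j ACCEPT
EOF
}

# Count rules that admit NEW connections arriving on the WAN interface.
# Only the forwarded port should count; everything else from outside
# must be a reply to an existing connection (the "goose eggs" on a scan).
inbound_new_rules() {
    fw_rules | grep -c -- "-i $WAN_IF.*--state NEW"
}

# Count the DNAT entries: the earmarked port must be forwarded exactly once.
dnat_rules() {
    fw_rules | grep -c -- "-j DNAT"
}

# Run the emitted commands; needs root and iptables on the box.
apply_rules() {
    fw_rules | sh -e
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    fw_rules
fi
```

Note the last FORWARD rule: DNAT in PREROUTING only rewrites the destination, so the forwarded traffic still has to be accepted in the FORWARD chain, restricted to the one host and port. Leaving that rule broad (or forgetting it) is the usual way a port forward becomes either an outage or a wider hole than intended.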