There are also cheap ($100) NAT routers / "firewalls" available like D-Link or Netgear if you don't need a speed > 10Mbps You'll have to spend $100, but it won't consume you time, it takes a lot less space, and it will consume a lot less electricity.
> -----Oorspronkelijk bericht----- > Van: Craig Sanders [mailto:[EMAIL PROTECTED] > Verzonden: dinsdag 25 februari 2003 1:38 > Aan: Tim Spriggs > CC: [EMAIL PROTECTED] > Onderwerp: Re: Cracking attempt > > > On Mon, Feb 24, 2003 at 06:08:43AM -0700, Tim Spriggs wrote: > > > What OS are you using? Presumably if it was Linux you would have > > > solved the problem with iptables or ipchains long ago... > > > > Solaris 9 :( It does have some firewalling software but caused some > > major conflicts at one point with no config and honestly, I and one > > other person are pushing to get a firewall and seperation > of tasks on > > different machines. The way this thing sits right now I'd be > > un-surprised if someone with an hour of spare time and a > little talent > > could get in and fuck a _LOT_ up. > > here's a quick-and-dirty (and cheap!) temporary solution: > > get an old 386/486/pentium box - there should be several > gathering dust > at any university. put two ethernet cards in it, and install > linux (any > debian with kernel 2.4.x) on the machine and configure it as a NAT > firewall. plug one NIC into your network, and use a > crossover cable to > connect the other NIC to your solaris box. > > in short, what this will do is take the solaris box off the external > network and put it on a second (private) network. DNAT on > the linux box > will allow authorised machines to connect to it and SNAT allows the > solaris box to get out. > > if you configure the NAT stuff right, the change will be completely > transparent to all users. > > it's pretty ugly, but it will work...and it's something you can do > without spending any money or asking permission (remember it's always > easier to get forgiveness than permission :). > > if anyone ever notices and complains, you can justify it by saying you > had no choice. you had to protect the server and the backups it > contained but had no budget to do it with. > > > alternatively, build the linux box but put it between your external > router and your main network. there's no need for NAT in this setup, > just plain routing and iptables firewalling rules. > > > a third alternative, (which may or may not be viable, > depending on what > kind of border router you have and how your network is set up) is to > replace the router with the linux box. > > craig > > -- > craig sanders <[EMAIL PROTECTED]> > > Fabricati Diem, PVNC. > -- motto of the Ankh-Morpork City Watch > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
