On 03/29/2017 08:51 AM, Mike McClain wrote:
On Tue, Mar 28, 2017 at 10:14:50PM -0400, Dan Ritter wrote:
On Tue, Mar 28, 2017 at 04:46:02PM -0700, Mike McClain wrote:
I'm running Debian 7.11 on a Pentium 3 with 250MB ram. ...
    phone                   eth0          eth1
AT&T ------| AT&T modem/ |------| Linux |------| my     |------| Win2K |
           | router      |      | box   |      | router |      | box   |
The Linux box is my main computer, it's just a computer but runs my
firewall.
My router is NetGear RP614 and all connections to the router are on
the lan side, nothing in the i'net port. Just the 2 computers and
the printer.
The Win2K box is just a computer but has my music and financials.
Each box serves as backup storage for the other.
No Wi-Fi, pods, phones, tablets, game consoles, laptops, etc.
Any other thoughts/suggestions?
Any device with multiple network interfaces and that passes packets
between them is functioning as a router.
It is unwise to use one device as both a firewall/router and as
anything else -- especially a workstation/desktop (that's where the
intruders like to break in).
Regarding the Netgear RP614 router, which one?
https://www.netgear.com/support/product/RP614v1
https://www.netgear.com/support/product/RP614v2
https://www.netgear.com/support/product/RP614v3
https://www.netgear.com/support/product/RP614v4
I have the same recommendation as rhkramer:
On 03/29/2017 05:50 AM, rhkramer wrote:
Put your router immediately after the AT&T modem, then (assuming
there are multiple ethernet ports on the router), put your Linux box
on one eth port and the Windows box on another. (That would require
3 ports on the router.)
Plus:
1. Connect the RP614 WAN port to the modem. The RP614 has 4 LAN ports;
connect two of these to the Linux box and to the printer.
2. Check the version of the firmware in the Netgear RP614. Download
and install current firmware if needed. Also, check if there are known
vulnerabilities. (I doubt open-source firmware is available, as the
RP614 does not have a Wi-Fi interface, but it might be worth some
searching.)
3. Win2K is unsupported. Therefore, it must be treated as insecure and
should not have access to your LAN or to the Internet. Options include:
a. Unplug the network cable ("air wall"). This means putting
backups on an external drive.
b. Check if your hardware, music apps, and financial apps are
supported by Windows 7. If so, upgrade and connect to a free LAN port
on the RP614.
c. Migrate your music and financial apps to the Linux box and
retire the machine.
4. For backups, I prefer a dedicated machine that pulls files over ssh
and is firewalled to block all incoming ports. (I need to research
firewalling outgoing ports as well.) If/when an intruder breaks into
any/all of the other hosts, hopefully I will figure it out before he
gets into the backup server.
5. There is a saying, "don't throw good money after bad". My guess is
that your Win2K machine is also outdated hardware. My P3 computers went
to curb-side recycling years ago. I'm trying to squeeze a little more
life out of my high-end P4's, but they will follow sooner or later. I'd
suggest getting newer hardware and migrating all your apps and data onto
that. Older machines can be useful as firewall/router appliances (e.g.
http://www.ipcop.org/), backup appliances, and spare/ workbench/
experimental/ etc. machines.
Thanks to Dan, David & Tomas for the help.
YW. Please let us know how it goes.
David
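
The pull-only backup host described in item 4, sketched as an added example that is not part of the original message. The host name, paths, key file and `backup` account are placeholders, and the dated `--link-dest` snapshots are an assumption beyond what the message states.

```shell
#!/bin/sh
# Added example: backup host that pulls over ssh and accepts no inbound
# connections. All names and paths below are placeholders.
BACKUP_ROOT="${BACKUP_ROOT:-/srv/backup}"
SSH_KEY="${SSH_KEY:-/root/.ssh/backup_pull_key}"

# Emit a ruleset in iptables-restore format. INPUT defaults to DROP and no
# port is opened; only loopback and replies to connections this host
# started (its own outgoing ssh sessions) are let back in.
backup_fw_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Pull SRC from HOST into a dated snapshot directory. Unchanged files are
# hard-linked against the previous snapshot, so files altered on a
# compromised source do not overwrite older copies held here.
# With DRY_RUN set, only print the rsync command.
pull_snapshot() {
    host=$1 src=$2 stamp=${3:-$(date +%Y-%m-%d)}
    dest="$BACKUP_ROOT/$host"
    set -- rsync -a --numeric-ids --link-dest="$dest/latest" \
        -e "ssh -i $SSH_KEY -o BatchMode=yes" \
        "backup@$host:$src/" "$dest/$stamp/"
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; return 0; fi
    mkdir -p "$dest" && "$@" && ln -sfn "$stamp" "$dest/latest"
}

case "${1:-}" in
    rules) backup_fw_rules ;;            # as root: ./script rules | iptables-restore
    pull)  pull_snapshot "$2" "$3" ;;    # e.g. ./script pull linuxbox /home
esac
```

The key on the backup host can log in to the other machines, but nothing on those machines can log in to it, which is what keeps the backups out of reach when one of them is broken into.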