On Thursday 11 January 2007 22:15, Jorge Almeida wrote:
> On Thu, 11 Jan 2007, b.n. wrote:

> > Well, you can disable router firewalling and firewalling your box, why
> > not? Actually, that's the most sensible thing to do.
>
> I think I was confused and said nonsense. The box having a private IP
> doesn't preclude it seeing the IP of incoming packets, so I suppose I
> can have the router firewall active (whatever it may be) and also
> Shorewall on the workstation. After all, redundant security doesn't
> hurt.

That's how I have set up mine.  The Netgear [ADSL modem/NAT router/SPI
firewall (stateful packet inspection)] box does its tricks, inc. acting as a
DHCP, DNS server and gateway for the boxen on the LAN, while each LAN machine 
has an additional layer of security by running its own firewall.

BTW, my Netgear DG834 is running this much:
===============================================
cat /proc/version
Linux version 2.4.17_mvl21-malta-mips_fp_le ([EMAIL PROTECTED]) (gcc version 2.95.3 20010315 (release/MontaVista)) #6 Wed Sep 7 16:50:05 CST 2005

iptables
iptables v1.2.8: no command specified
===============================================

and this is what's in the box:
===============================================
cat /proc/cpuinfo
processor               : 0
cpu model               : MIPS 4KEc V4.8
BogoMIPS                : 149.91
wait instruction        : no
microsecond timers      : yes
extra interrupt vector  : yes
hardware watchpoint     : yes
VCED exceptions         : not available
VCEI exceptions         : not available

cat /proc/meminfo
        total:    used:    free:  shared: buffers:  cached:
Mem:  14757888  9375744  5382144        0  1011712  3612672
Swap:        0        0        0
MemTotal:        14412 kB
MemFree:          5256 kB
MemShared:           0 kB
Buffers:           988 kB
Cached:           3528 kB
SwapCached:          0 kB
Active:           1608 kB
Inactive:         4268 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:        14412 kB
LowFree:          5256 kB
SwapTotal:           0 kB
SwapFree:            0 kB
===============================================

You configure the iptables using the web GUI, which runs on cgi scripts.
OpenWRT have a work-in-progress Linux image for it.  Hopefully development
will continue because I'd really like to set up ssh access to it.  There are
also ADSL routers in the market that have USB ports for attaching USB drives
to be accessed by LAN machines as network drives.  Of course hacking the
kernel on a machine like DNS-120, which can accept USB flash or hard drives
and make them accessible from the Internet, is probably a more interesting
proposition . . .
-- 
Regards,
Mick
