[KLUG Members] no route to local network?
Mike Williams
knightperson at zuzax.com
Mon May 9 14:27:51 EDT 2005
>
> From:
> Adam Tauno Williams <adam at morrison-ind.com>
>
>
>>>> >And there is always http://www.freesco.org/ which has been presented at
>>>> >KLUG (but I've never had the time to try out). Very I-am-a-router
>>>> >focused.
>>>
>>>
>>> Or IPCop, or Smoothwall, or Gibraltar, or Astaro, or any number of other
>>> things. I don't want a firewall-only distro in this case because I'd
>>> like it to do a little bit of samba file sharing too. It's likely to be
>>> much easier to properly lock down a SuSE box than to unlock a
>>> firewall-only distro and get samba installed on it.
>>
>>
>
><obligatory statement>I can't in good conscience ever recommend running
>a service like Samba on an internet connected host, firewall rules or
>not. A firewall should be a firewall. Buy a $10 PC, use it as a
>firewall, and play with things like Samba on another box - inside the
>network, not on the edge.</obligatory statement>
>
>
I know, it's not an ideal solution, and I'm aware of the potential
security problems. In my opinion, this is balanced out by the various
reasons FOR putting samba on the box in this case. 1) Samba can be
configured to only listen on a particular IP. 2) IPtables can lock it
down further. 3) I'm not gonna be storing anything sensitive on this
machine. 4) Most of the samba-hunting worms are going to be after a
Windows box, at least so far. 5) I feel like I have to do SOMETHING
with the remaining 18 gigs or so of this 20 gig hard drive.
Next time I retire a machine, I might go two a 2-machine system, but I
think watching the prices on the Linksys Linux routers (wrt54g series)
and putting the unlocked firmware on them is more likely. Especially
when I've seen them at Best Buy for $40 after rebate.
And Bruce, I know you're a D-L developer from my lurking on this list
for a couple years now. A firewall that doesn't require a hard drive
sounds good on paper, but if you go that way you need a CD-ROM and a
floppy (or a flash disk, I suppose, but I don't have one). I've seen
significantly higher mortality rates with optical drives and floppies
over the years than I've seen on hard drives, not counting the IBM 75gxp
series. This was with light use from the CD, and I don't want to think
about how much thrashing you'd have if the machine is starved for
memory. Removable drives have a whole host of potential problems, with
dust, unbalanced media, media getting stuck, and etc. I'd much rather
trust an appliance to a single hard drive system and have it email me
config backups every month than a burned CD and a floppy, either of
which could make the machine unusable.
More information about the Members
mailing list