[KLUG Members] no route to local network?

[Mike Williams]

>
> From:
> Adam Tauno Williams <adam at morrison-ind.com>
>
>
>>>> >And there is always http://www.freesco.org/ which has been presented at
>>>> >KLUG (but I've never had the time to try out).  Very I-am-a-router
>>>> >focused.
>>>      
>>>
>>> Or IPCop, or Smoothwall, or Gibraltar, or Astaro, or any number of other 
>>> things.  I don't want a firewall-only distro in this case because I'd 
>>> like it to do a little bit of samba file sharing too.  It's likely to be 
>>> much easier to properly lock down a SuSE box than to unlock a 
>>> firewall-only distro and get samba installed on it.
>>    
>>
>
><obligatory statement>I can't in good conscience ever recommend running
>a service like Samba on an internet connected host,  firewall rules or
>not.  A firewall should be a firewall.  Buy a $10 PC, use it as a
>firewall, and play with things like Samba on another box - inside the
>network, not on the edge.</obligatory statement>
>  
>
I know, it's not an ideal solution, and I'm aware of the potential 
security problems.  In my opinion, this is balanced out by the various 
reasons FOR putting samba on the box in this case.  1) Samba can be 
configured to only listen on a particular IP.  2) IPtables can lock it 
down further.  3)  I'm not gonna be storing anything sensitive on this 
machine.  4)  Most of the samba-hunting worms are going to be after a 
Windows box, at least so far.  5) I feel like I have to do SOMETHING 
with the remaining 18 gigs or so of this 20 gig hard drive.

Next time I retire a machine, I might go two a 2-machine system, but I 
think watching the prices on the Linksys Linux routers (wrt54g series) 
and putting the unlocked firmware on them is more likely.  Especially 
when I've seen them at Best Buy for $40 after rebate.

And Bruce, I know you're a D-L developer from my lurking on this list 
for a couple years now.  A firewall that doesn't require a hard drive 
sounds good on paper, but if you go that way you need a CD-ROM and a 
floppy (or a flash disk, I suppose, but I don't have one).  I've seen 
significantly higher mortality rates with optical drives and floppies 
over the years than I've seen on hard drives, not counting the IBM 75gxp 
series. This was with light use from the CD, and I don't want to think 
about how much thrashing you'd have if the machine is starved for 
memory.  Removable drives have a whole host of potential problems, with 
dust, unbalanced media, media getting stuck, and etc.  I'd much rather 
trust an appliance to a single hard drive system and have it email me 
config backups every month than a burned CD and a floppy, either of 
which could make the machine unusable.