[NCLUG] Network configuration

Quent quent at pobox.com
Wed Oct 25 22:41:34 MDT 2000


I like the packet filter/firewall tool "ipf" on OpenBSD.  The "ipnat"
gizmo is pretty nifty too.

Unlike ipchains, ipf can keep state info on ICMP, UDP and TCP.  I think
the code ports to other O/S's like Linux and Solaris. You can build a
tighter firewall with it, IMHO.

With all the excitement over embedded Linux (the current Linux Journal has
a nice supplement) I'm expecting to see some cool firewall projects. It
would be nice to build a little firewall box the size of a cheapo 4 port
hub with no moving parts. I guess I should enter their contest :-)

The Cisco 675 DSL box has packet filtering ability. For non-routed,
bridged-mode guys like me it's not useful; I'm not sure I trust it either.
Anyone have any experience with it?

Whoops, didn't mean to drive this thread down another path :-)

	Quent


On Wed, Oct 25, 2000 at 10:24:27PM -0600, MEDBERRY,DAVID (HP-Loveland,ex1) wrote:
> Yep, Lots o' fun ahead.
> 
> I agree with Quent.
> 1) Use a secure by default system (say, OpenBSD)
> 2) Use a DMZ
> 3) Virtual Host n-webs on One PC. (Unless you "are" a web hosting
> service.... and the clients require 'PHYSICAL SEPARATION')
> 4) Bring the extra machines to the next NCLUG and trade old hardware for
> expertise.....
> 
> -dave