Linux Users' Group of Davis
Page last updated:
2001 Dec 30 16:59

The following is an archive of a post made to our vox-tech mailing list by one of its subscribers.

Re: [vox-tech] Firewall

Yeah, based on Pete's post I started looking at LRP (even saw your name (Mr.
Newmiller) in a link).  I think I'd like to build one, but the project seems a
little disarrayed, and misleading.

I'd like to build 2 (both without hard drives and bootable off a single floppy):

2 NICs, DHCP server, able to get a dynamic IP (external) from my ISP

3 NICs (External, DMZ, Internal), DHCP Server, fixed IP

Where should I start?

BTW, I don't understand the 2 firewall setup.

If you guys will help me get it working, I'll try to write a HOW-TO.

Jay Strauss

----- Original Message -----
From: <jdnewmil@dcn.davis.ca.us>
To: <vox-tech@franz.mother.com>
Sent: Wednesday, January 10, 2001 5:57 PM
Subject: Re: [vox-tech] Firewall

> On Wed, 10 Jan 2001, Jay wrote:
> > I'm trying to decide how to set up my next firewall.  I see smoothwall
> > (which I hear is pretty good) uses only 2 nics (internal and external)
> > and port-forwards requests to machines on the private internal network.
> Two nics is pretty much a minimum for a firewall. :)
> > Then others use that External/DMZ/Internal setup (like in the ipchains
> >
> > Why would I choose one over the other?
> Paranoia.  If you allow ANY services to port-forward in and there is a
> security flaw in the server daemon(s), then once your box is cracked
> your whole network is compromised.  If you have three NICs, or better yet,
> a second firewall, then your private lan can access the server, and the
> outside world can access it, but if the server is cracked then they are
> faced with getting through a firewall that contains no holes.  The
> headache with this is that your server is pretty thoroughly isolated from
> your LAN, so YOU can't schedule actions to push data into your lan... all
> data movement to or from your LAN must be initiated from within the lan.
> Thus, if you have a database you want to serve data from it must be in the
> demilitarized zone on or with the other servers.
> Most people don't want to set up dedicated servers in their homes with
> limited communication among the rest of their network, just because
> someone _might_ be able to crack their system.
> > Also, isn't there some way to setup a firewall that doesn't have a hard
> > drive and boots off the floppy.
> http://www.linuxrouter.org  (barebones, but simple)
> http://lrp.c0wz.com  (clearing house of information about LRP)
>        (Steinkuehler's preconfigured images can make initial
>        setup very easy.... _if_ he has one that matches your needs.
>        Rather complex if you start adapting it to a different setup.
>        Douthitt's Oxygen is tuned for experienced *nixers.)
> ---------------------------------------------------------------------------
> Jeff Newmiller                        The     .....       .....  Go Live...
> DCN:<jdnewmil@dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
> Work:<JeffN@endecon.com>              Live:   OO#.. Dead: OO#..  Playing
> Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
> /Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
> ---------------------------------------------------------------------------
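
The three-zone policy Jeff describes (the LAN may reach the DMZ and the outside, the outside reaches only the published server, and nothing in the DMZ may initiate a connection into the LAN), as an added example that is not part of either post and is not LRP, Smoothwall or ipchains code itself. It writes the forward chain in the ipchains syntax the thread mentions and evaluates it in Python against constructed packets, so the isolation can be checked offline. The addresses, the interface layout, the web server at 192.168.2.10 and the subset of ipchains options the parser understands (-s, -d, -p, --dport, -y, ! -y, -j, -P) are assumptions made for the example.

```python
"""Three-NIC firewall policy (external / DMZ / internal) modelled on ipchains.

Added example, not code from the original posts. Addresses and layout are
assumptions: eth0 external (ISP); eth1 DMZ 192.168.2.0/24 with a web server
at 192.168.2.10; eth2 internal LAN 192.168.1.0/24. ipchains has no connection
tracking, so "only the LAN may initiate" is expressed with -y (match TCP with
SYN set and ACK/FIN clear) and ! -y (any other TCP segment).
"""
import ipaddress
import shlex
from dataclasses import dataclass
from typing import Optional

# Forward chain in ipchains syntax (subset). First match wins; -P is the
# policy applied when nothing matches. Comments are stripped before parsing.
FORWARD_CHAIN = """
-P forward DENY
# anything the LAN initiates may go out, to the DMZ or to the Internet
-A forward -s 192.168.1.0/24 -d 0.0.0.0/0 -j ACCEPT
# only answers come back into the LAN: TCP that is not a bare SYN (! -y)
-A forward -p tcp -s 0.0.0.0/0 -d 192.168.1.0/24 ! -y -j ACCEPT
# a cracked DMZ host gets nothing else into the LAN (explicit, so it is visible)
-A forward -s 192.168.2.0/24 -d 192.168.1.0/24 -j DENY
# the outside world reaches only port 80 on the DMZ web server ...
-A forward -p tcp -s 0.0.0.0/0 -d 192.168.2.10/32 --dport 80 -j ACCEPT
# ... and the web server may answer, but never call out
-A forward -p tcp -s 192.168.2.10/32 -d 0.0.0.0/0 ! -y -j ACCEPT
"""


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0
    syn: bool = False  # True: SYN set, ACK/FIN clear, i.e. a new connection


@dataclass
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    target: str
    proto: Optional[str] = None
    dport: Optional[int] = None
    syn: Optional[bool] = None  # None: any; True: -y; False: ! -y


def parse_rule(line: str) -> Rule:
    """Parse one '-A forward ...' line; only the options used above are known."""
    toks = shlex.split(line)
    if toks[:2] != ["-A", "forward"]:
        raise ValueError(f"not a forward-chain rule: {line!r}")
    kw = {"src": ipaddress.ip_network("0.0.0.0/0"),
          "dst": ipaddress.ip_network("0.0.0.0/0")}
    i = 2
    while i < len(toks):
        t = toks[i]
        if t in ("-s", "-d"):
            kw["src" if t == "-s" else "dst"] = ipaddress.ip_network(toks[i + 1])
            i += 2
        elif t == "-p":
            kw["proto"] = toks[i + 1]
            i += 2
        elif t == "--dport":
            kw["dport"] = int(toks[i + 1])
            i += 2
        elif t == "-j":
            kw["target"] = toks[i + 1]
            i += 2
        elif t == "-y":
            kw["syn"] = True
            i += 1
        elif t == "!" and toks[i + 1] == "-y":
            kw["syn"] = False
            i += 2
        else:
            raise ValueError(f"unsupported option {t!r} in {line!r}")
    return Rule(**kw)


def load_chain(text: str):
    """Return (policy, rules) from the ipchains-style text above."""
    policy, rules = "DENY", []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("-P forward "):
            policy = line.split()[2]
        else:
            rules.append(parse_rule(line))
    return policy, rules


def matches(rule: Rule, pkt: Packet) -> bool:
    if ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.syn is not None and (pkt.proto != "tcp" or pkt.syn != rule.syn):
        return False
    return True


POLICY, RULES = load_chain(FORWARD_CHAIN)


def forward(src, dst, dport=0, syn=False, proto="tcp") -> str:
    """Verdict for one forwarded packet: first matching rule, else the policy."""
    pkt = Packet(src, dst, proto, dport, syn)
    for rule in RULES:
        if matches(rule, pkt):
            return rule.target
    return POLICY


if __name__ == "__main__":
    # constructed packets, not captured traffic
    cases = [
        ("LAN opens HTTP to the DMZ web server", ("192.168.1.5", "192.168.2.10", 80, True)),
        ("web server answers the LAN", ("192.168.2.10", "192.168.1.5", 40000, False)),
        ("cracked web server tries SSH into the LAN", ("192.168.2.10", "192.168.1.5", 22, True)),
        ("Internet client opens HTTP to the web server", ("203.0.113.7", "192.168.2.10", 80, True)),
        ("Internet client tries SSH to the web server", ("203.0.113.7", "192.168.2.10", 22, True)),
        ("cracked web server calls out to IRC", ("192.168.2.10", "203.0.113.7", 6667, True)),
    ]
    for desc, args in cases:
        print(f"{forward(*args):6}  {desc}")
```

The isolation rests entirely on the -y match: with no connection tracking, a stateless filter can only tell a connection attempt (SYN alone) from everything else, so a cracked DMZ host is stopped from opening connections into the LAN but can still send arbitrary non-SYN TCP segments there, and UDP has no equivalent at all, which is why the example denies DMZ-to-LAN UDP outright. A real LRP box would also carry input and output chains and, for the dynamic-IP two-NIC variant, masquerading; both are left out here.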
