On Thursday 19 January 2006 17:53, kitts wrote:
> On Thursday 19 January 2006 01:20 IST, Nigel Henry wrote:
> > > 2) Internet sharing and firewall. Protection as required.
> >
> > I use Smoothwall Express2, soon to be upgraded to Express3 (just in Alpha
> > at the moment). This can be installed on an old machine. I use it on a
> > 100MHz, 32MB RAM, 1 GHz harddrive machine, but would suggest something
> > perhaps a bit faster, with perhaps 128 to 256 MB RAM, and a bigger
> > harddrive. It is secure, and handles NAT (Internet sharing). You can also
> > set up a DMZ (demilitarized zone) where you can keep your Internet
> > accessible webserver, ftpserver, mailserver, etc, keeping them separate
> > from your LAN. Connection to the Internet is either by serial modem (not
> > much use if you're running a webserver), or ethernet connection to an ADSL
> > router/modem. I believe USB router/modems are a problem with Linux. Also,
> > and perhaps I'm a bit paranoid, but I also have Guarddog, a GUI for
> > IPtables packet filtering firewall on all my client machines. This
> > enables you to also block selectively, outgoing ports. Of course, most
> > router/modems have built in firewalls, but make sure you get one that has
> > connection to your ethernet connection, rather than USB. Again I'm not
> > sure of the connections. You probably just need to connect it to the
> > uplink on your ethernet switch.
>
> Thanks for the reference Nigel. I briefly went through the smoothwall site
> and it seems good. I am however, concerned that it is not just a software
> installation on linux but installs with linux. This would probably be alright
> but then it seems that the kernel is an old one.
>
> I am particularly concerned as I do wish to have other software installed
> on the server but may be faced with compatibility problem with the older
> version of linux in place. I know I will have a subversion server running
> on it.
>
> Or is this all not really a problem at all?

I don't believe that this is a problem. The whole idea of using Smoothwall as a dedicated firewall is that you can install it on an older machine, and the only thing installed on this machine is the Smoothwall firewall, which does receive regular system updates. I do not believe that the using of a 2.4 kernel introduces any problems.

In my setup I have a serial modem connected to the Smoothwall, and one NIC installed, which connects to my layer 2 ethernet switch. Both of my client machines also connect to the switch.

In your situation, and I presume you will be using ADSL for Internet connection, perhaps the Smoothwall path is not necessary. As I've said, most ADSL router/modems will have a firewall, and NAT (Internet sharing for your client machines).

If you choose to use Smoothwall as an option you will need one NIC for connecting to your ADSL ethernet modem (I believe USB modems still will not work with Linux). You will need another NIC for connecting to your LAN, and another if you have a DMZ (demilitarised zone) for running an Internet accessible webserver, ftpserver, etc. The DMZ keeps your LAN isolated from Webserver, FTP server requests from the Internet.

>
> I do not mind putting up a higher config for the server. I could make my
> existing PC; an AMD64 3000+ with 1Gig of RAM be the server while I
> personally use a laptop.
>
> > > 3) Connecting to the local network from outside over the internet and
> > > accessing it like it were local.
> >
> > The Smoothwall will also handle port forwarding so that your client
> > machines can also be accessed from the Internet. Obviously your ISP will
> > have to have provided you with a static IP address for this to work.
> > Otherwise you will have to subscribe to someone like no-ip, if you only
> > have a dynamic IP address from your ISP.
>
> I have heard of no-ip but never used it. Will smoothwall make it easy
> to setup and provide good guidelines on connecting over the internet? I
> have not had prior experience with stuff like VPN etc. which I think is
> *the* way to do it(?).

Being only on dial-up, running a webserver is a bit of a No-No for me, even though I've tested Apache out, but have to give my current IP address to the person testing it out. From what I understand about no-ip, you create for yourself a domain name, then whichever dynamic IP address is assigned to you by your ISP is redirected by no-ip (or other webredirect service) to your domain name. Effectively, anyone dialing in to your office would use the domain name that you have chosen, and (for instance) no-ip will redirect whatever your current dynamic IP address is to this domain name.

I don't wish to ramble on, but you've sort of got to be prepared to get your hands a bit dirty working under the hood (bonnet) with Linux. Personally, I think it's worth it, as you learn so much about how computers work, and after all, anything's better than going back to that other OS, with all its security problems. If you have an older machine just lying around, and the time, put Smoothwall on it and give it a try.

All the best.

Nigel.

>
> > There are other hardware firewalls, IPCop for instance, and Firestarter
> > (available from Sourceforge) is comparable to Guarddog. There are also
> > many others, apart from no-ip offering web redirection. Nigel.
>
> Guarddog is already on my list! :-)