I'll explain a bit about the router, in case it helps. First, it's a two-wire something or another. It's one of those crosses between a modem and a router, and does not do either job very well. So, my solution was this: every time the power or internet goes out, the router seems to lose all open ports, and things end up becoming a huge mess. I thought that in order to save time, I could DMZ linux, as that is the only computer that needs outside access anyway, and spend a few mnutes fighting with the router rather than trying to open up all needed ports again; iptables just handles that problem for me, and it's painless to do it that way, or less so than the router approach, anyway. Right now I treat the router as nothing but a modem, what with it's abbilities at scruing any network configuration up, I'm scared to even think it's providing my connection, but, it works. >> It appears to me as though you are looking at your problems in terms of >> solutions, rather than defining the problem and solving the route causes. > > On that I will agree with you--I have said that before about his > methodology, but we can but point this out, and then try to answer the > questions presented or provide better advice; with the only other option > being to say "you're doing it wrong, good luck figuring out how". I, for > one, do not choose such a hard line approach. I have not always gone > about things in the generally accepted way, and some times you really do > have a good reason for it, and just need to know how best to do it wrong, > because right is not possible. Most of my problems branch from lack of knowing that this tool was available, etc. I try to track down a problem and work from there, in solving the problem. I'm not totally sure what the origenal comment was supposed to convey. Thanks again for all the help. Thanks, Tyler Littlefield email: tyler at tysdomain.com web: tysdomain-com Visit for quality software and web design. skype: st8amnd2005 ----- Original Message ----- From: "luke" <speakup@xxxxxxxxxxxxxxxxxx> To: "Speakup is a screen review system for Linux." <speakup at braille.uwo.ca> Sent: Tuesday, November 25, 2008 5:02 PM Subject: Re: programm issues--moving files back and forth > On Tue, 25 Nov 2008, Kerry Hoath wrote: > >> We're running Cisco classes next year for the vision impaired, >> www.cucat.org. >> >> dmz is a bad idea, anyone who forwards all ports to any box without >> serious >> consideration for network security is asking for trouble, > > Anyone who puts anything on a two-way connection without serious > consideration for network security is asking for trouble. But that is > neither here nor there: who's to say that he hasn't considered network > security? > > > similarly to those who run modems in bridge mode and the like. > > You would seem to be saying, that "If your router isn't providing > security, then you have none". > I'm sorry, but this is a Ciscoian mind-set if ever I heard one. > > > If the system is secured by reasonably good firewalling software--and > iptables and its higher level abstractions such as ferm certainly > qualify--there is very little wrong with doing what he is doing. > After all, how many routers are running Linux and Iptables these days for > this very thing? And many of them Linksys, now owned by Cisco. > > If iptables is setup correctly, this is no different than running a server > on a business class connection--you must still take steps to protect the > ports of the server, regardless of whether you have a router. For > smaller (T1, etc.) installations, the router is usually ISP administered, > and you can not block any ports without special arrangements. > > Now, the value of DMZing in this arrangement is dubious for the simple > fact that it seems unnecessary, but not knowing what kind of router he > has, it is hard to say that there are better options available, although > there should be. > >> It appears to me as though you are looking at your problems in terms of >> solutions, rather than defining the problem and solving the route causes. > > On that I will agree with you--I have said that before about his > methodology, but we can but point this out, and then try to answer the > questions presented or provide better advice; with the only other option > being to say "you're doing it wrong, good luck figuring out how". I, for > one, do not choose such a hard line approach. I have not always gone > about things in the generally accepted way, and some times you really do > have a good reason for it, and just need to know how best to do it wrong, > because right is not possible. > > > Why these problems are an issue for the speakup list; i'll never know; >> although it seems the list for any blinky linux trouble these days. > > There are two reasons for that I suppose. > > One is that most don't know of other options, and many of the more > knowledgeable non-specialized types hang out here. This is a commandline > related list, and most of these problems relate to things at that level. > > For me, for example, the only general list I know of, is the > blinux-list, which at least used to be hosted by Redhat. There were > reasons not to like that list, and many to like this one, including the > fact that Kirk does not often complain about off topicness. > > Perhaps Kirk sees it as a list for users of speakup, as opposed to > a list for discussions about the use of speakup. If so, then general > questions would seem reasonable. > > JMHO. > > Luke > _______________________________________________ > Speakup mailing list > Speakup at braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup
