> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Ed Wilts
> Sent: Wednesday, June 23, 2004 9:12 AM
> To: General Red Hat Linux discussion list
> Subject: Re: Router/Firewall Recommendation
>
> On Wed, Jun 23, 2004 at 08:27:40AM -0500, Otto Haliburton wrote:
> > I'm not sure what you mean, but you can't get a better firewall than not
> > projecting the ip of the internal computer to the outside world. Remember
> > 'nat' there is no better or in depth firewalling.
>
> NAT will only protect you from inbound new connections. It does
> absolutely nothing if you have a rampant application on your Windows box
> that opens a port to the outside world.
>

I believe that you can prevent any outgoing port from being opened to the outside world in the router fyi, in case you haven't prevented that. Plus if that occurs I think that the administrator needs to take swift and decisive action.

> Similarly, you can rely on tcpwrappers to control most inbound
> connections but outbound is still a free-for-all unless you add iptables
> to the mix.
>
> For the best security, a well designed and implemented iptables
> configuration will be better than a hardware firewall. However, for
> those looking for "good enough" solutions that solve the most common
> attacks, a hardware firewall like a Linksys router/firewall box does the
> job fairly well.
>

I respectfully disagree with you here. A hardware firewall is practically impenetrable because the outside world never knows the ip address of computers behind the firewall, whereas the first level is penetrated automatically by a non-hardware firewall, you have to think about this a little to get what I mean.

> Personally, I use a Linksys router/firewall with some predetermined
> ports forwarded to my Linux system (none to my Windows systems) and add
> tcpwrappers to restrict which hosts are actually allowed to use that
> service. For example, ssh makes it through the firewall but tcpwrappers
> restricts the incoming connections to my office subnet.
>

If I am interpreting this correctly, not all of your computers are behind the Linksys firewall and that is the problem!!!!!

> Another important thing to note is the maintainability of the firewall.
> If my Linksys ever dies, I can throw in another one in no time flat with
> a fast trip to a local store. If you use a Linux system and have a
> hardware failure, you're in for a lot more work.
>

Agreed

> --
> Ed Wilts, RHCE
> Mounds View, MN, USA
> mailto:ewilts@xxxxxxxxxx
> Member #1, Red Hat Community Ambassador Program
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
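
The distinction debated in this thread (NAT stops only new inbound connections, while outbound stays open unless iptables is added), as an added example that is not part of the original messages: a shell function that prints an `iptables-restore` ruleset for a Linux NAT gateway with default-deny egress. The interface names, the SSH-from-LAN admin rule and the allowed port list are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a Linux NAT gateway
# that also filters outbound traffic. Interface names and the port list are
# assumptions supplied by the caller, not values from the thread.

egress_ruleset() {
    lan_if=$1 wan_if=$2 tcp_ports=$3
    [ -n "$lan_if" ] && [ -n "$wan_if" ] || return 2

    # Reject anything that is not a port number before emitting a single rule.
    for p in $tcp_ports; do
        case $p in ''|*[!0-9]*) return 2 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 2
    done

    # nat: all that "NAT as a firewall" provides. Inside addresses are hidden
    # and unsolicited inbound connections have nowhere to go, but nothing here
    # limits what an inside host may connect out to.
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        "-A POSTROUTING -o $wan_if -j MASQUERADE" 'COMMIT'

    # filter: default-deny for the gateway itself and for forwarded traffic.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A INPUT -i $lan_if -p tcp --dport 22 -j ACCEPT"

    # Replies to connections that were allowed out.
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # DNS lookups, then one rule per permitted outbound TCP port.
    printf '%s\n' "-A FORWARD -i $lan_if -o $wan_if -p udp --dport 53 -j ACCEPT"
    for p in $tcp_ports; do
        printf '%s\n' "-A FORWARD -i $lan_if -o $wan_if -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else from the LAN is logged, then dropped by the chain policy.
    printf '%s\n' "-A FORWARD -i $lan_if -j LOG --log-prefix \"egress-drop: \"" 'COMMIT'
}
```

Check the output with `egress_ruleset eth1 eth0 "80 443" | iptables-restore --test` before loading it as root; loading it replaces the existing nat and filter tables.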