Re: DSL

On Mon, Jul 21, 2003 at 07:36:59PM -0700, Joe wrote:
> Ed Wilts wrote:
> 
> >My recommendation would be to buy something like a Linksys router if you
> >can afford it and put it between the DSL modem and the Linux system.
> >The Linksys offers two things - a switch with NAT functionality to
> >support other systems in your house, and a firewall that's on by
> >default.  Until you get comfortable configuring Linux in an always-on
> >environment, it's nice to have a low-cost firewall that does the basics
> >for you.
> >  
> IMHO if you've got a linux box you've already got a much more 
> sophisticated and flexible router than a linksys could ever be - the 
> linux box can be the router/firewall, vpn server, dns server, mail 
> server, web/ftp server, dhcp server and more - but it's pretty easy to 
> set linux up just as a basic nat firewall, and it's a good way to learn.

The Linux system can certainly do it, but it's not ideal for me - your
mileage, of course, will vary.  My Linux system is my dns server, mail
server, and ftp server (and more).  It's not my firewall since it can be
rebooted any time and the rest of my systems still work.  I used to have
my Linux system be the gateway.  It didn't suit my purposes, but I know
that many people do like it set up that way.  Whatever works for you.  I
don't disagree that Linux is more flexible and sophisticated, but that's
also its shortcoming - it's so powerful and sophisticated that most
people can't drive it properly as evidenced by the many iptables and
ipchains questions I've seen over the years.

I also don't like the idea of having critical services on a firewall
system.  One system is breached, and the attacker is in.  With my
config, the attacker has to breach 2 separate systems to get anywhere.
Yes, I could have a separate Linux system, and I've run that config too.
It's yet another system to manage and keep up to date with security
patches, maintain backups, etc. and a full system takes more heat and
power.  My Linksys firewall could die and be replaced with a quick trip
to one of the local computer stores.  If the Linux system fails, it
could potentially be a lot more work (no mirroring on this system, for
example).  The Linksys also really wins for those Linux admins who don't
take security seriously, and that's unfortunately more people than we
want to admit to.  It's more work to admin a Linux system than it is to
admin a Linksys system.

-- 
Ed Wilts, Mounds View, MN, USA
mailto:ewilts@xxxxxxxxxx
Member #1, Red Hat Community Ambassador Program


-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list