Setup: Home Lan with principle desktop machine running Gentoo. Three other machines running WinXP that are a trio of video and sound editing machines. And finally my wifes WinXP machine in antoher room. All connected by Gigabit lan thru a netgear FVP318 router/firewall.
I want to begin scanning thru the traffic that bounces off my router/firewall. The router logs themselves are in a bad cumbersom format. And if I use an available option to output them to a lan System logger the information is greatly truncated and nearly useless. Router logs can be emailed but again they are cumbersom and clunky. That how I currently look through them. So cutting to the chase, I don't want to even mess around with those methods. Been there done that... didn't like it. The router has an option to route traffic to a DMZ machine. In the past when I got this same urge 2 or so years ago I setup an Openbsd OS on an older PC. Buttoned it down what little I knew to do and had lots of fun with incoming traffic.... I mean just studying and being amazed etc. I want to do that again but don't have that old machine anymore and don't want the unfamiliar hassle of relearning whatever I knew about OpenBSD. I don't want the hassle of hardening my main desktop... preferring to keep it pretty loose behind the firewall. Running a lan webserver and the like. I wondered if any of the security buffs here could tell me if a vmware gentoo guest running on one of the winXP boxes could be setup to have an independant tap on the Firewall as DMZ and not be offering every hack whiz out there a shot at my home lan. As I remember you can setup vmware with its own network address, not sharing its hosts address to some degree. But I wondered.., since any traffic is really going thru that WinXP hosts nic one way or another if it would be as safe as a truly independant host with its own ethernet wire to the router. (which is switched). Would I likely be opening my lan up for some christmas shopping by having a gentoo guest on a WinXP host running as a DMZ machine? It would be pretty barebones with a IPTABLE setup for logging and tagging or whatever I get interested in doing with the traffic. No X server or other frills. -- [EMAIL PROTECTED] mailing list
