> >Is there any disadvantage to using a 10/100 switch with a home network
> >using NAT and a linux firewall.
a) I could not get my 3com905b (semi supported) card to work under Linux with
a 10/100 switch - I think it is because the switch let the card run full
duplex. The 10/100 hub (which runs half duplex) works fine. And I needed
the 10/100 hub because the card would not cycle down to 10 mb. My realtek
adapters work fine.
b) NAT - It is a little bit of a pain, it works pretty well and it is good
for religious wars. Some few people still think you should be connected via
'real' ip addresses. Make sure you use pci ethernet cards! I would also
have a P200 class system or better to run the NAT/firewall.
c) IP Chains
Pretty interesting stuff and a bit of a pain. You make a script stating what
you want filtered. IP Chains code solves most of the problems of putting a
raw Linux box out on the Internet - especially for a DMZ.
From what I can tell - it does not do Level 3 filtering - say remove all
netbios packets even if they are encapsulated in TCP/IP packets.
One food for thought - unless you are tricky you cannot stop IP spoofing on a
DHCP connection.[your average cable modem or dsl connection] You need to
re-run the chain script when the IP changes. Linux Firewalls are a good
start. They are a little painful to configure. The price is right. Script
Kiddies often do have scripts - unlike some of the other firewalls. So keep
up with your patches and run as few services on the firewall as you can
afford.
d) ISP's
Your ISP may hate you - some ISP's have service agreements explicitly stating
that they don't want you hiding behind a firewall and NAT. This is a little
strange - but on the other hand - they need to care and they need to catch
you.
e) Resources
Books:
Building Linux and OpenBSD Firewalls
http://www.amazon.com/exec/obidos/ASIN/0471353663/
Linux Firewalls by Robert L. Ziegler
http://www.amazon.com/exec/obidos/ASIN/0735709009/
URL's
Ziegler's site:
http://www.linux-firewall-tools.com/linux/
plus:
http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html
http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
http://www.linuxsecurity.com/
-Steve Wolfe
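
An added example, not part of the original message: one way to handle the DHCP point in (c) is to keep the address-dependent anti-spoofing rules in their own ipchains chain and rebuild only that chain when the lease changes. The chain name `spoof`, the interface `eth0`, the state file and the 203.0.113.x addresses are assumptions made for illustration; the script prints the commands instead of running them.

```shell
#!/bin/sh
# Added example. Assumed one-time setup in the main firewall script:
#   ipchains -N spoof ; ipchains -I input 1 -j spoof
# Call refresh_if_changed from the DHCP client's lease-change hook.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands that rebuild the "spoof" chain: drop and log packets
# arriving on the external interface that claim our own address or loopback.
spoof_chain_rules() {
    ext_if=$1 ext_ip=$2
    valid_ipv4 "$ext_ip" || { echo "bad address: $ext_ip" >&2; return 1; }
    echo "ipchains -F spoof"
    echo "ipchains -A spoof -i $ext_if -s $ext_ip -j DENY -l"
    echo "ipchains -A spoof -i $ext_if -s 127.0.0.0/8 -j DENY -l"
}

# Emit rules only when the address differs from the one recorded last time,
# then record the new address in the state file.
refresh_if_changed() {
    ext_if=$1 new_ip=$2 state=$3
    old_ip=$(cat "$state" 2>/dev/null || true)
    [ "$new_ip" = "$old_ip" ] && return 0
    spoof_chain_rules "$ext_if" "$new_ip" || return 1
    echo "$new_ip" > "$state"
}
```

To apply the rules for real, pipe the output to `sh` as root, for example `refresh_if_changed eth0 "$NEW_IP" /var/run/ext_ip | sh`, where `$NEW_IP` is whatever variable your DHCP client hands to its hook.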