Hi Rob, On Sun, May 08, 2011 at 10:08:41AM +0100, Rob Malpass wrote: > He's running one W7 machine and will be connected via cable to a hub. > > Sounds like ipcop or something similar is the way to go - though I must > admit I'm sorely tempted to get a cheap ISP and put it down our second phone > line just for him - definitely the most expedient route!
Will it be though? If he destroys his computers then who has to repair them? Also once there's malware inside your network, this can cause problems. I agree with Vic's suggestions; if you have a firewall box for your own network then it should be easy to run him though this on an additional interface as well. If you don't like having two different subnets then you can make the Linux box act more like a switch (bridge the interfaces) yet still be able to firewall it. Not sure what the support for that is like in IPCop. As you say, host firewalls on everything (even just his machines) is a non-starter: too much effort to administer and risks some malware disabling it, Cheers, Andy -- http://bitfolk.com/ -- No-nonsense VPS hosting "I'd be happy to buy all variations of sex to ensure I got what I wanted." -- Gary Coates (talking about cabling)
signature.asc
Description: Digital signature
-- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --------------------------------------------------------------
