Just thought I might add some comments to this, being the proud owner/maintainer for a number of systems with large internet pipes and volume based charging plans...

- If you use an 'out of the box' firewall like Smoothwall, check the rules it uses.. I've just had my first experience with Smoothwall for some time and was surprised to see that by default it has no egress filtering, which is where 90% of your problems are likely to come from in the runaway volume stakes. It is only set up for intrusion detection from the outside, it doesn't do anything else.
- Using a standalone firewall will stop pretty much nothing in terms of runaway volume charging. If you annoy a script kiddie in a chat room, they will tell all their friends your IP, and it's gonna cost. Even if their large packet pings don't get through your firewall, they still make it to the modem and go through the ISP's router.
- If you do run a firewall machine, run a squid proxy on that machine, and set up your egress filtering so your own machine (and any others on the LAN) cannot surf the web directly. This will eliminate some of the 'auto update' features of software from hitting the volume.
- Think before you hit enter.. I know a chap who did an apt-get for kde3, and didn't realise some of his dependent stuff was out of date.. 310Mb later he had kde3, and no volume left on his jetstream for the month. up2date on RedHat can give problems as well.. With the current total size of RedHat 7.2 patches at 545Mb you don't want to be running up2date on a new box without at least some of them stored locally. (Of course not all will be required for your system, that is _all_ the patches that take up that much space...)
- If you just _have_ to run napster type file sharing programs (don't know what the current ones are..) do it on an all you can eat account...
- If you're really paranoid, set the dropout timeout on the modem to quite short, 2 minutes. It'll cause login delays now and then, but your IP will change more often, and the chance of inbound traffic causing volume runaway is lower.
- If you like to rsync 10 new distros a month, and download huge divx files, I would suggest that a dial-up with a good external modem on a dedicated line would be a better investment than ADSL with the current charging regimes.

I don't have ADSL (Can't get it here in Leeston yet) but I've pulled just over 1.4G in the last month using wget and rsync according to my firewall log, and it's cost me $29.95+$35 (xtra+phone line). Sure I can only pull about 300Mb a day, but it ain't at $0.20 a Mb..

Cheers, Chris.

----- Original Message -----
From: "Christopher Sawtell" <[EMAIL PROTECTED]>

> 1) Never, ever, go broadband without a separate firewall machine.
>    There are several very good ones which you can use in an old '486.
>
> 2) Never, ever, run Microsoft IIS
>    (Take care, it's activated by default on some older systems)
>
> 3) Check your traffic volumes every day. Some firewalls have this
>    built in, and Telstra / Saturn have a www page for it.
>
> 4) Take a regular peek at the "Activity" light on the Cable Modem.
>    If it's on continuously when you are not expecting it, you
>    have problems.
>
> 4) Check your firewall logs every day. ( Do as I say, not as I do :-)
>
> 5) Set up a $100 limited liability company to run your connection.
>    This might provide you with some protection. ( IANAL )
>
> 6) Go bankrupt.
>
> --
> C.
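
The egress filtering and squid setup suggested in the reply above, sketched as an added example that is not part of either original message. It goes a step further than the post by making the forward policy default-deny. Assumptions: iptables on the firewall box, an empty rule set with NAT handled elsewhere, LAN on eth1 (192.168.1.0/24), WAN on eth0, squid on port 3128 running as user "squid", and a constructed allowlist of forwarded ports.

```shell
#!/bin/sh
# Added example: prints an egress rule set for a firewall box running squid.
# All interface names, addresses, ports and the squid user are assumptions.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
SQUID_PORT="${SQUID_PORT:-3128}"
SQUID_USER="${SQUID_USER:-squid}"
ALLOW_TCP="${ALLOW_TCP:-22 25 110}"   # constructed allowlist of forwarded TCP ports

# Emit the rules as text so they can be reviewed before being applied.
egress_rules() {
    # Default-deny for forwarded (LAN -> internet) and locally generated traffic.
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT DROP"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # LAN machines may talk to the proxy on the firewall itself.
    echo "iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $SQUID_PORT -j ACCEPT"
    # Only the squid process may open web connections to the outside.
    for p in 80 443; do
        echo "iptables -A OUTPUT -o $WAN_IF -p tcp --dport $p -m owner --uid-owner $SQUID_USER -j ACCEPT"
    done
    # The firewall resolves names on behalf of squid.
    echo "iptables -A OUTPUT -o $WAN_IF -p udp --dport 53 -j ACCEPT"
    # Forward only allowlisted services; web ports are never forwarded,
    # even if someone adds them to ALLOW_TCP, so the proxy cannot be bypassed.
    for p in $ALLOW_TCP; do
        case "$p" in 80|443) continue ;; esac
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp --dport $p -j ACCEPT"
    done
    # Log whatever is about to hit the DROP policy so runaway traffic
    # (auto-updaters, file sharing) shows up in the daily log check.
    echo "iptables -A FORWARD -i $LAN_IF -j LOG --log-prefix 'EGRESS-DROP '"
    echo "iptables -A OUTPUT -o $WAN_IF -j LOG --log-prefix 'EGRESS-DROP '"
}

# Print the rule set; pipe the output into sh as root to apply it.
egress_rules
```

The EGRESS-DROP log prefix gives the daily log check a single string to search for when looking at which LAN host tried to go out directly.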
