> Does anybody have any on-line references or experiences which I could use
> to explain to someone why using a dedicated box running Linux -IPChains -
> IPMASQ is preferable to using the gateway feature of W98?
>
> My problem is that I know what Linux gives you - but I don't know what the
> W98 gives or doesn't give you.
>
> I'm certain that Linux gives much better security...
better security since in linux your able to configure with ipchains the
ports,hosts (source and destination) that are allowed to be accessed.
the server is less likely to be hacked because with tcpwrappers you can
cover up ports that are potential hack points.
---
the gateway feature of win98 is also a firewall in a sense that
workstations from the external network cannot access the internal network.
this keeps the units inside the NAT gateway safe. but, the win98 gateway
itself is not protected from external treats since it does not have port
access control and cannot configure masquerading rules. (that is if you
install win98 out of the box btw. there are tools for protecting win98
from external network threats but are not or maybe not be included in the
win98 installation CD)
> I'm certain that Linux is much more configurable...
yup as mentioned above win98 does not allow for selective masquerading
unlike linux. however, you can get third party tools that are able to do
this for win98.
tcpwrappers are also very configurable. you can even switch the port
locations to confuse potential hackers.
> I'm certain that the Linux solution will run on lesser hardware...
>
i have not been able to quantify hardware cost savings. but, in our case
here in the residence halls at the university, the server that was a NAT
gateway, SMTP, HTTP, FTP, SMB server for the whole dorm network ran easily
on a P75 w/ 16 MB RAM. i could even use X at the console and not get
any performance problems.
if all you need is a NAT solution alone and not the other services linux
has to offer, you can use the LRP (linux router project) diskettes. this
is proof that linux is lean and mean. that single floppy disk can built up
a router and not just a simple NAT gateway. you get all the tools like
ipchains and tcpwrappers. if you add floppies you can even add some more
services like IRC, SMTP, mini-HTTP and others.
other benefits of linux:
Linux gateway solutions offer much more services. with a linux solution
you can offer a SMTP, HTTP, FTP, SMB and other servers/daemons in that
same machine. you will simply have to maintain one low end machine instead
of multiple machines. since, linux can runs on low-end machines you
can afford to buy another low-end machine as a backup to ensure as little
down time as possible (configuring LVS-linux virtual servers into the
linux kernel and other HAV-high availability tools will also automate the
ip takeover of the failing system by the new system and other neat
features). plus, with package managers like RPM and DPKG, it is easy to
install and configure linux.
installing is as simple as "rpm -ivh <package name>"
uninstalling is as simple as "rpm -evh <package name>"
upgrading is as simple as "rpm -Uvh <package name>"
to ensure that your system is using the latest releases, they are
available at the web. redhat and mandrake are two of the quickest
companies that release security patches and upgrades. you simple hit their
website or any of their mirrors worldwide.
summary:
using win98 as a NAT gateway is sufficient if a person want to simply
share internet at home. it is easy to configure and takes less
maintainance. (if you are lucky not to get the blue screen of death). for
a simple home network, the win98 solution maybe sufficient for your needs.
however, "UPGRADING" to the linux solutions provides RAS (reliability,
accessibility, and servicibility). reliable in a sense that it is a stable
OS and you can configure it for enhance security and maximum performance.
some of these tweaks are only possible because linux is open source.
accessibility in a sense that linux patches and upgrades can simply be
found on the web for free. it is also easy to attain linux documentation
or help about linux from a local users group like PLUG. servicibility in a
sense that the upgrade, install, uninstall mechanism is simple. the local
PLUG mailing list and other open source mailing lists are valuable sources
of SNAP information. the www also contains a lot of self-help guides for
linux.
linux also lowers TCO (total cost of ownership) by enabling systems
integrators to place a multitude of services into a single machine. this
lowers hardware costs. software costs are lowered since linux and all if
not most of the software you will need to implement a linux solution are
also available for free. maintainance costs can also be reduced since
linux distributions now include GUI systems administration tools like
linuxconf that make system administration easier. linux also provides a
free tech support base in the form of the local linux users group like
PLUG. training costs can be reduced by joining linux installfest, seminar
and workshop which are usually free or charge a small fee.
"UPGRADING" to linux is a very attractive solution.
> But, before I go shooting off my mouth, and maybe shooting myself in the
> foot, I thought I'd ask.
>
did i go shooting off my mouth. now who is going to shoot me in the foot.
hehehe.
---------------------
[EMAIL PROTECTED]
volcano, n.:
A mountain with hiccups.
-
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
