>>>>> "Keith" == Keith Lofstrom <[email protected]> writes:
Keith> On Wed, Feb 02, 2011 at 12:18:05PM -0800, Daniel M. Head wrote:
>> I tried to send this yesterday, but was having some issues with the
>> wireless network.

Keith> Someday, I need to do better tests of my own iptables setup.
Keith> Thinking about Dan's problem, I stumbled across this:
Keith> http://ozlabs.org/~jk/projects/nfsim/howto/

Keith> I don't know whether it is actually useful, but it appears to
Keith> be a way to test the iptables rules offline. After the rules
Keith> are tested and installed, I would use something like nessus to
Keith> see if they are keeping the bad guys out.

Keith> I've been thinking about how secure my own firewall is. I
Keith> looked at the stats for my firewall machine last night. In the
Keith> last 70 days, I saw a total of ~40GB of movement on eth0, the
Keith> WAN port, and only ~20GB of movement on eth2, the internal LAN
Keith> port. Since I do nightly dirvish backups on all machines,
Keith> including the firewall, I would expect slightly more internal
Keith> than external traffic.

Unless you are doing backups *to* (or from) the firewall, the amount of
traffic it sees on the internal interface isn't going to reflect traffic
within your network. Your backup traffic is going to hit a switch and go
directly to its internal destination.

You didn't mention eth1. I suspect it might make up the balance of your
traffic.

--
Russell Senior, President
[email protected]

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
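The sanity check Russell describes, comparing the WAN interface's byte count with the sum of the internal interfaces, can be scripted from /proc/net/dev. The script below is an added example and is not part of the thread or of either poster's setup; the interface names (eth0 as WAN, eth1 and eth2 as LAN) follow the thread, the 10% tolerance is an assumption, and the /proc/net/dev text is constructed to mirror the thread's rough numbers.

```shell
#!/bin/sh
# Added example, not from the thread: tally per-interface byte counters in
# /proc/net/dev format so the WAN total can be compared with the sum of the
# internal interfaces. SAMPLE_NET_DEV is constructed; on a real firewall,
# pipe `cat /proc/net/dev` into traffic_balance instead.

SAMPLE_NET_DEV='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    123456    1000    0    0    0     0          0         0     123456    1000    0    0    0     0       0          0
  eth0:30000000000 20000000    0    0    0     0          0         0 10000000000 15000000    0    0    0     0       0          0
  eth1:12000000000  9000000    0    0    0     0          0         0  8000000000  7000000    0    0    0     0       0          0
  eth2: 8000000000  6000000    0    0    0     0          0         0 12000000000  9000000    0    0    0     0       0          0'

# iface_bytes IFACE < netdev_text : print RX+TX bytes for one interface.
# After the colon, field 1 is RX bytes and field 9 is TX bytes; the name may
# be glued to the first counter ("eth0:30000..."), so split on ':' first.
iface_bytes() {
    awk -F: -v want="$1" '
        { name = $1; gsub(/ /, "", name) }
        name == want { split($2, f, " "); printf "%.0f\n", f[1] + f[9] }
    '
}

# traffic_balance WAN LAN... < netdev_text : print "WAN LANSUM VERDICT".
# The verdict is "balanced" when the internal interfaces together account
# for the WAN volume within 10% (assumed tolerance), else "unaccounted",
# which is the hint that another interface (or the firewall itself) is
# carrying the difference. Sums are done in awk to avoid 32-bit overflow.
traffic_balance() {
    data=$(cat)
    wan=$(printf '%s\n' "$data" | iface_bytes "$1"); shift
    lan=0
    for i in "$@"; do
        b=$(printf '%s\n' "$data" | iface_bytes "$i")
        lan=$(awk -v a="$lan" -v b="$b" 'BEGIN { printf "%.0f", a + b }')
    done
    awk -v w="$wan" -v l="$lan" 'BEGIN {
        d = (w - l) / w; if (d < 0) d = -d
        printf "%s %s %s\n", w, l, (d <= 0.10) ? "balanced" : "unaccounted"
    }'
}

# Usage on the constructed sample: with only eth2 counted the WAN volume is
# half unaccounted for; adding eth1 balances it, as Russell suggests.
printf '%s\n' "$SAMPLE_NET_DEV" | traffic_balance eth0 eth2
printf '%s\n' "$SAMPLE_NET_DEV" | traffic_balance eth0 eth1 eth2
```

Note that /proc/net/dev counters reset at boot and wrap on 32-bit kernels, so for a 70-day window a counter collector (vnstat, collectd, or SNMP ifHCInOctets) is the more reliable source; the arithmetic is the same.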
