Re: [slim] (a bit OT) firewall in the router (was Squeezebox2)
Jack Coates wrote: Phil Karn wrote: http://leaf.sourceforge.net provides a number of very nice pre-rolled Linux firewall distributions which are well-suited for use on Soekris. I particularly want to mention the m0n0wall-project, [http://m0n0.ch/wall/], specifically designed to run on embedded firmware. I, and many like me, run it on discarded Pentium machines with no hard drive, and next to no memory. (Boot from CD-rom, config file on dikette) with great satisfatcion and speed. i always keep a few of those garbage bin collectibles for need of potential spare parts. And now one is biding its time as a free (cost-wise) important building block in the home network topology. /peter ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
Re: [slim] (a bit OT) firewall in the router (was Squeezebox2)
Ken Hokugo wrote: Dean or anyone, Would the firewall feature in these routers (wireless or wired) be good enough so that I can get rid of Zonealarm Pro which contributes 10 to 15% more of CPU usage when playing Slimserver? If I could get rid of the sw based firewall, that would be great. the short answer is that there is good reason to use both the features of your router firewall at the network edge, _and_ software protection on the machines inside your LAN. the reason is that each can protect from different threats. the edge firewall will close off ports, can drop packets for some well known attacks (SYN, et.al.) and just generally keep net-scanners at bay. the s/w firewall can do some or all of the above, but also protect you from downloaded components that may be trying to send data. zone alarm pro is particularly good at this. it can also help keep a virus from spreading inside your LAN. as far as the CPU issue with ZAP, have you tried making configuration changes that might keep it from inspecting the SS/SB packets so aggressively? i don't have any specific recommendations off the top of my head, but i do know that ZAP has some very granular settings for trust that can be based on program, IP, port, protocol, etc. i'd guess you could get it to stand down somewhat w/r/t this traffic. --rt ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
Re: [slim] (a bit OT) firewall in the router (was Squeezebox2)
Ken Hokugo wrote: Dean or anyone, Would the firewall feature in these routers (wireless or wired) be good enough so that I can get rid of Zonealarm Pro which contributes 10 to 15% more of CPU usage when playing Slimserver? If I could get rid of the sw based firewall, that would be great. A particularly powerful and flexible firewall is a Linux box with multiple Ethernet interfaces. If you'd rather not dedicate a full-blown PC to the job, Soekris Engineering (www.soekris.com) makes a line of single-board PC-compatible machines specifically designed as network engines. They come without any software, so you have to roll your own, but there are many people who can help you. I have a Soekris net4801 acting as my primary router. It provides QoS (Quality of Service) in the upstream direction to my DSL line, along with DHCP, IPv6 routing/tunneling and IPv4 NAT for any local machines that need it. Except for the filtering inherent in a NAT, it doesn't actually filter any packets because I basically don't believe in firewalls; I'd much rather just keep my individual machines as secure as possible. Basically, that means banning anything and everything from Microsoft; we're in the process of getting rid of the very last Windows machine on our network (my wife's desktop) and replacing it with an iMac. The combination of Mac OS X on the desktop and Linux on servers can do pretty much everything Windows can do, and do it a whole lot better and with far better security. Phil ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss
Re: [slim] (a bit OT) firewall in the router (was Squeezebox2)
Phil Karn wrote: Ken Hokugo wrote: Dean or anyone, Would the firewall feature in these routers (wireless or wired) be good enough so that I can get rid of Zonealarm Pro which contributes 10 to 15% more of CPU usage when playing Slimserver? If I could get rid of the sw based firewall, that would be great. A particularly powerful and flexible firewall is a Linux box with multiple Ethernet interfaces. If you'd rather not dedicate a full-blown PC to the job, Soekris Engineering (www.soekris.com) makes a line of single-board PC-compatible machines specifically designed as network engines. They come without any software, so you have to roll your own, but there are many people who can help you. http://leaf.sourceforge.net provides a number of very nice pre-rolled Linux firewall distributions which are well-suited for use on Soekris. -- Jack at Monkeynoodle dot Org: It's a Scientific Venture... Riding the Emergency Third Rail Power Trip since 1996! ___ Discuss mailing list Discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss