ixion l33t
Joined: 16 Dec 2002 Posts: 708
Posted: Thu Aug 28, 2003 12:14 am Post subject: LAN security
I have a couple questions about Security:
First off, I am currently using Freesco as a firewall to protect my LAN. In case you didn't know, it uses a Linux 2.0.x kernel with IPFWADM. As I've been reading more and more about IPTABLES, I'm really starting to like its 'stateful packet filtering' options (mainly to protect against SYN attacks). Now in Freesco's (IPFWADM) defense, it is such old software that most hackers don't bother with it, or care to waste their time trying to hack it (as I've heard). What do you security gurus think (in your most paranoid opinions)? Should I stay with the light and easily configurable IPFWADM-based Freesco, or should I update my firewall box (have to buy a new box, Gentoo doesn't like P133s) and throw an IPTABLES firewall out there to be hit?
My second question is, should I set up IPTABLES on all my internal boxes? This is yet one more layer of security, but I'm afraid my gaming rig may have network performance issues (I do a lot of online gaming). Should I just enable IPTABLES on my File Server? I know there's virtually no change in bandwidth/throughput with/without Freesco. Is IPTABLES just as efficient? Is it worth the added layer of security to configure it?
_________________
only the paranoid survive
rojaro l33t
Joined: 06 May 2002 Posts: 732
Posted: Thu Aug 28, 2003 10:21 am Post subject:
i usually use shorewall, as it's very easy to set up and also a very well thought-out system. it's in the portage tree, so give it a try :)
iptables is also a nice toy to play with. i usually use it on my webservers to redirect port 80 internally to port 8080, so i can run the webserver as a normal user at port 8080 and i don't have to run it as root. i also use this for some smtp and pop3 servers. i am currently experimenting to have the apache running in a chrooted sandbox which should give some additional security, but i also have two servers running this way in usermode linux which is also a good option.
_________________
A mathematician is a machine for turning coffee into theorems. ~ Alfred Renyi (*1921 - †1970)
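The port 80 to 8080 redirect described in the post above, combined with the stateful filtering asked about in the first post, as an added example that is not part of the original posts. The function names are hypothetical, and the rules assume a current iptables with the `conntrack` match (older releases use `-m state --state` and lack `--ctorigdstport`); the script only prints an `iptables-restore` ruleset and loads nothing.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that redirects a privileged
# port to an unprivileged one and filters statefully. Prints only; loads nothing.

# valid_port N: succeeds if N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_ruleset PUBLIC_PORT LOCAL_PORT (hypothetical helper, not from the thread)
gen_ruleset() {
    pub=$1 loc=$2
    valid_port "$pub" && valid_port "$loc" || { echo "bad port" >&2; return 2; }
    # The daemon must be able to bind LOCAL_PORT without root.
    [ "$loc" -ge 1024 ] || { echo "local port must be >= 1024" >&2; return 2; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Remote clients: rewrite the destination port before the filter table runs.
-A PREROUTING -p tcp --dport $pub -j REDIRECT --to-ports $loc
# Local clients never traverse PREROUTING, so redirect loopback traffic too.
-A OUTPUT -o lo -p tcp --dport $pub -j REDIRECT --to-ports $loc
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# A "new" TCP connection that does not start with SYN is dropped.
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
# INPUT sees the rewritten port; accept it only if the client originally
# dialled PUBLIC_PORT, so LOCAL_PORT is not reachable directly.
-A INPUT -p tcp --dport $loc -m conntrack --ctstate NEW --ctorigdstport $pub -j ACCEPT
# Add rules for management access (e.g. SSH) here before loading.
COMMIT
EOF
}

# Usage: sh thisfile.sh 80 8080 > rules.v4   (review, then iptables-restore)
if [ "$#" -eq 2 ]; then gen_ruleset "$1" "$2"; fi
```

Because `REDIRECT` happens in the `nat` table first, the `filter` rule has to match the unprivileged port; the original-destination check is what keeps that port from being exposed on its own.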
ixion l33t
Joined: 16 Dec 2002 Posts: 708
Posted: Thu Aug 28, 2003 12:16 pm Post subject:
very interesting.. well my overall scheme is to DMZ my internet servers (Web server, game server) and install IPTABLES on those... I also might install IPTABLES on all internal boxes, but have Freesco as my LAN firewall... does that sound like a good plan?
_________________
only the paranoid survive