Re: adsl router security
From: €®ik (no email)
Date: 12/13/03
- Next message: €®ik: "Re: Firewall Script"
- Previous message: Mark Hackett: "Re: Firewalls: what's the use?"
- In reply to: Andy Baxter: "adsl router security"
- Next in thread: Bill Unruh: "Re: adsl router security"
- Reply: Bill Unruh: "Re: adsl router security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 13 Dec 2003 22:21:06 +0100
On Wed, 10 Dec 2003 16:12:43 +0000, the right honourable Andy Baxter
<news3@earthsong.null.free-online.co.uk> wrote:
>I have an adsl 4 port router/modem, badged as 'spark' but with a conexant
>chipset. I have configured it to connect my local machines to the NAT, and
>used the virtual server feature to route packets on ports 21 and 80 to the
>FTP and http ports (proftpd & apache) of my server machine, which is on
>the same local network as my main machine. The server machine is also
>running ssh and mysqld but no other network services. The main machine is
>running apache, mysqld, qmail, portmap, gdomap, inetd, lpd, tcpserver,
>xfs-xtt, gnustep_sndd and gdm.
>
>What I would like to know is whether the firewall on the router is likely
>to be enough to protect me from external attacks? Obviously it makes sense
>to configure the local machines to be as secure as possible also, but are
>the firewalls on these routers good enough to rely on as a first line of
>defence, or should I put some more firewalling in behind the router. E.g.
>I could reconfigure the network so that the main machine can reach the net
>only through the server machine, and run a good linux firewall on that, or
>else get hold of another old pentium, put it in a cupboard somewhere, and
>use it just as a firewall for my whole network.
>
>I'm only using the machine for web browsing, email, newsgroups, and a bit
>of web design and programming, so security isn't crucially important, but
>I would like to at least take sensible precautions.
>
>andy.
I'm not an expert (yet), but I'm reading up and exercising with
iptables etc.
What I learned is that the modem/router FWs are mostly still based
on IPChains, which is old. New seems to equal better in Linux
security.
So you have to use the newest (iptables) and keep it updated. Updating
a modem/router is difficult if not impossible.
Once I have a good FW running on my linux box, I switch off the FW in
the router. Then I'll have full control over what goes in and out.
Bob Toxen's book is a good help, I find:
http://www.amazon.com/exec/obidos/ASIN/0130281875/qid%3D/103-8651690-3417439
although I found a few errors in sources.
frgr
Erik