[ale] recommendations for a..... standalone Linux security firewall...

JK jknapka at kneuro.net
Wed Nov 5 13:19:26 EST 2008


Geoffrey wrote:
> Jim Lynch wrote:
>> Geoffrey wrote:
>>> Courtney Thomas wrote:
>>>   
>>>> Greetings !
>>>>
>>>> I want to use a standalone Linux box, possibly running from a CD and through
>>>> which all must pass, at least from the internet, that will be a firewall for
>>>> my home LAN. But if running from a CD gains nothing, forget it. I have
>>>> several older idle boxes if they'd suffice. I can also go wired or wireless,
>>>> and am receptive to any setup.
>>>>
>>>> What recommendation(s) do you have for such a box, please ?
>>>>     
>>> Smoothwall
>>>
>>>   
>> Just curious, do you have to have a system with two NICs to run a 
>> firewall? From a security standpoint, it makes sense but is it a requirement?
> 
> With smoothwall you do.  I'm not sure how you would implement a firewall 
> with one, if that's what you're trying to ask.  Basically, the firewall 
> is taking input from somewhere and processing it out another.


And while you certainly *could* do this with a single interface
(by aliasing eth0 with multiple IPs), there would be little point,
since anything that talked via the firewall could just as
easily talk directly to the boxes "behind" the firewall -- they
would physically be on the same network segment.  And that
traffic would be 100% sniffable, as well, unless there were
encryption in place on all the traffic (logically) "behind" the
firewall.

Hmm, I guess if the firewall were only to accept IPsec (or
otherwise encrypted) traffic to/from the "protected" addresses
"behind" the firewall, this could actually be a useful thing to
do.

-- JK

-- 
I do not particularly want to go where the money is -
  it usually does not smell nice there. -- A. Stepanov
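
Added example, not part of the original message: a check for the single-interface setup described in the reply above, where "outside" and "inside" addresses are aliased onto one NIC and so share a physical segment. The sample `ip -o -4 addr show` output, the addresses and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample output of `ip -o -4 addr show` (assumed addresses).
# One NIC, with the LAN address aliased onto it as eth0:1.
ONE_NIC = (
    "1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever\n"
    "2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0\\       valid_lft forever preferred_lft forever\n"
    "2: eth0    inet 192.168.1.1/24 brd 192.168.1.255 scope global secondary eth0:1\\       valid_lft forever preferred_lft forever\n"
)
# Two NICs, one network per physical interface.
TWO_NIC = (
    "1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever\n"
    "2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0\\       valid_lft forever preferred_lft forever\n"
    "3: eth1    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1\\       valid_lft forever preferred_lft forever\n"
)


def networks_by_interface(ip_output):
    """Map each physical interface to the set of IPv4 networks configured on it."""
    nets = defaultdict(set)
    for line in ip_output.splitlines():
        fields = line.split()
        # Expected layout: "<index>:", "<ifname>", "inet", "<addr>/<prefix>", ...
        if len(fields) < 4 or fields[2] != "inet":
            continue
        network = ipaddress.ip_interface(fields[3]).network
        if network.is_loopback:
            continue
        # fields[1] is the physical device; alias labels such as eth0:1
        # appear later on the line and still belong to that device.
        nets[fields[1]].add(network)
    return nets


def shared_segments(ip_output):
    """Return {interface: [networks]} for NICs carrying more than one IP network.

    Hosts on those networks sit on the same wire, so they can reach each
    other (and sniff each other's traffic) without passing through this box.
    """
    return {
        iface: sorted(str(n) for n in nets)
        for iface, nets in networks_by_interface(ip_output).items()
        if len(nets) > 1
    }


if __name__ == "__main__":
    print("one NIC :", shared_segments(ONE_NIC))
    print("two NICs:", shared_segments(TWO_NIC))
```
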

