OT: ADSL safe practices and setting up a home network

Eugen Leitl eugen at leitl.org
Fri Apr 14 17:28:29 UTC 2006


On Fri, Apr 14, 2006 at 10:13:35AM -0700, Wolfgang S. Rupprecht wrote:

> Note, I can't see the value of running one of those under-powered
> boxes as a firewall.  Why?  It uses the same software firewall that

200 MHz MIPSel with 32 MBytes RAM is underpowered for a residential
firewall? Only for the most extreme P2P users. If it sucks you're running
the wrong firmware.

If it's underpowered, use a 266 MHz Soekris or WRAP board with 128 MBytes --
and add swap space, if you must. If it's *still* underpowered, take a
mini-ITX Eden, booting from compact flash.

> fedora does.  Why not run the firewall on a more powerful box like
> your main computer?

Because a software firewall is complementary to an external
firewall. You could risk running a rich environment behind
an external firewall without exposing your soft white underbelly
to the net badness -- but arguably you should run a tight
ship nevertheless. Notice that a software firewall can
in principle know which application is using which port -- which
an external firewall wouldn't know.

Arguably (though it's overkill for a standard box) you
could run RSBAC/grsecurity/SELinux/PaX as an extra hardening
layer.

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
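
The point above that a host firewall can tie a port to an application, as an added example that is not part of the original post: on Linux the mapping comes from joining the socket inodes in /proc/net/tcp with the `socket:[inode]` links under /proc/<pid>/fd. The table and fd listing below are constructed sample data, and the function names are hypothetical.

```python
import re
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:C350 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0000000000000000 20 4 30 10 -1
"""
# Constructed stand-in for the readlink() targets of /proc/<pid>/fd/*.
SAMPLE_FDS = {
    (801, "sshd"): ["socket:[11111]"],
    (950, "cupsd"): ["/dev/null", "socket:[22222]"],
    (4242, "firefox"): ["socket:[33333]", "pipe:[555]"],
}
TCP_STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}

def decode_addr(field):
    """'0100007F:0277' -> ('127.0.0.1', 631); assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_tcp_table(text):
    """Yield (local, remote, state, inode) per socket row, skipping the header."""
    for cols in (line.split() for line in text.splitlines()[1:]):
        if len(cols) >= 10:
            yield (decode_addr(cols[1]), decode_addr(cols[2]),
                   TCP_STATES.get(cols[3], cols[3]), int(cols[9]))

def inode_owners(fd_table):
    """Map socket inode -> (pid, comm) from 'socket:[N]' link targets."""
    owners = {}
    for proc, links in fd_table.items():
        for link in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", link)
            if m:
                owners[int(m.group(1))] = proc
    return owners

def sockets_by_process(tcp_text, fd_table):
    """Join the two views: this is what only the host itself can see."""
    owners = inode_owners(fd_table)
    return [(owners.get(inode, (None, "?")), local, remote, state)
            for local, remote, state, inode in parse_tcp_table(tcp_text)]

if __name__ == "__main__":
    for (pid, comm), loc, rem, st in sockets_by_process(SAMPLE_PROC_NET_TCP, SAMPLE_FDS):
        print(f"{comm}[{pid}] {loc[0]}:{loc[1]} -> {rem[0]}:{rem[1]} {st}")
```

An external firewall sees only the address and port columns of this join; the process column exists only on the host.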