[Gllug] Old small laptop firewall option? Or just send it to the recycling centre?

Philip Hands phil at hands.com
Mon Oct 30 17:16:30 UTC 2006


Christian Smith wrote:
> Neil de Carteret uttered:
> 
>> On 30/10/06, Pete Ryland <pdr at pdr.cx> wrote:
>>> FWIW, you don't really need a second network card.  You can run the
>>> two networks on the same switch.  If they are distinct subnets, it
>>> should be secure.
>>
>> If you do that, then any host on the switch can communicate with any
>> other host.  So don't do that.
>>
> 
> 
> But if you trust all the devices on your switch, you should be OK.
> Nothing from the internet can talk to devices on your private network so
> long as you trust your modem/router.
> 
> If you have someone on your Wi-Fi subnet, then you probably have bigger
> problems already anyway, and a firewall with two physical ports won't help.

Better than that might be to run the ADSL box in bridging mode, run PPPoE
on the firewall, and so not have a second subnet active on the wire, but
rather a stream of PPP packets -- this also allows you better control of
the outbound queue so that you can do better QoS type stuff with tc.

BTW there used to be a router-on-a-floppy project called the Linux Router
Project, that would run perfectly well on such hardware -- it's since
abandoned and forked, and is now called LEAF among other things (for the
several versions):

  http://leaf.sourceforge.net/  -- the forks

  http://www.psychosis.com/linux-router/  -- the old page

Cheers, Phil.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://gllug.org.uk/mailman/listinfo/gllug
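
The outbound-queue control mentioned in the message above, as an added example that is not part of the original post: a script that prints tc commands for HTB shaping on the firewall's PPPoE interface. The interface name ppp0, the 448 kbit/s uplink, the 90%/30% splits and the choice of prioritised traffic are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: egress shaping on the PPPoE interface of a Linux firewall.
# Assumptions (not from the original post): interface ppp0, 448 kbit/s uplink.
WAN_IF="${WAN_IF:-ppp0}"
UPLINK_KBIT="${UPLINK_KBIT:-448}"

# Shape to 90% of line rate so packets queue on the firewall, where tc can
# reorder them, and not in the modem's own FIFO buffer.
shaped_rate() { echo $(( $1 * 90 / 100 )); }

# Print the tc commands for device $1 and uplink $2 (kbit/s).
# Nothing is applied here; pipe the output to "sh" as root to apply it.
shaping_commands() {
    dev="$1"; rate="$(shaped_rate "$2")"
    prio_rate=$(( rate * 30 / 100 ))    # guaranteed share for interactive traffic
    bulk_rate=$(( rate - prio_rate ))   # everything else
    cat <<EOF
tc qdisc del dev $dev root 2>/dev/null || true
tc qdisc add dev $dev root handle 1: htb default 20
tc class add dev $dev parent 1: classid 1:1 htb rate ${rate}kbit ceil ${rate}kbit
tc class add dev $dev parent 1:1 classid 1:10 htb rate ${prio_rate}kbit ceil ${rate}kbit prio 0
tc class add dev $dev parent 1:1 classid 1:20 htb rate ${bulk_rate}kbit ceil ${rate}kbit prio 1
tc qdisc add dev $dev parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $dev parent 1:20 handle 20: sfq perturb 10
tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip protocol 1 0xff flowid 1:10
tc filter add dev $dev parent 1: protocol ip prio 2 u32 match ip dport 22 0xffff flowid 1:10
tc filter add dev $dev parent 1: protocol ip prio 3 u32 match ip dport 53 0xffff flowid 1:10
EOF
}

# Default action: show what would be applied (ICMP, SSH and DNS go to 1:10,
# all other traffic falls into the default bulk class 1:20).
shaping_commands "$WAN_IF" "$UPLINK_KBIT"
```

Both child classes may borrow up to the full shaped rate (`ceil`), so the bulk class only gives way when interactive traffic is actually present.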



