[Gllug] Old small laptop firewall option? Or just send it to the recycling centre?
Philip Hands
phil at hands.com
Mon Oct 30 17:16:30 UTC 2006
Christian Smith wrote:
> Neil de Carteret uttered:
>
>> On 30/10/06, Pete Ryland <pdr at pdr.cx> wrote:
>>> FWIW, you don't really need a second network card. You can run the
>>> two networks on the same switch. If they are distinct subnets, it
>>> should be secure.
>>
>> If you do that, then any host on the switch can communicate with any
>> other host. So don't do that.
>>
>
>
> But if you trust all the devices on your switch, you should be OK.
> Nothing from the internet can talk to devices on your private network so
> long as you trust your modem/router.
>
> If you have someone on your Wi-Fi subnet, then you probably have bigger
> problems already anyway, and a firewall with two physical ports won't help.

Better than that might be to run the ADSL box in bridging mode, run PPPoE
on the firewall, and so not have a second subnet active on the wire, but
rather a stream of PPP packets -- this also allows you better control of
the outbound queue so that you can do better QoS type stuff with tc.

BTW there used to be a router-on-a-floppy project called the Linux Router
Project, that would run perfectly well on such hardware -- it's since been
abandoned and forked, and is now called LEAF among other things (for the
several versions):

http://leaf.sourceforge.net/ -- the forks
http://www.psychosis.com/linux-router/ -- the old page

Cheers, Phil.
--
Gllug mailing list - Gllug at gllug.org.uk
http://gllug.org.uk/mailman/listinfo/gllug
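
The outbound-queue control with tc suggested in the message above, as an added example that is not part of the original post: a shell function that prints HTB shaping commands for the PPPoE interface, capped just below the uplink rate so that packets queue on the firewall rather than in the ADSL box. The interface name `ppp0`, the 448 kbit/s rate, the 90% cap and the three-class split are all assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): generate tc egress-shaping
# commands for a PPPoE interface. It only prints; review, then pipe to sh as root.
# Assumed values: interface ppp0, constructed uplink rate, 30/50/20 class split.

# shaper_rules IFACE UPLINK_KBIT
shaper_rules() {
    iface=$1
    uplink=$2
    # The output is meant to be fed to a root shell, so refuse anything that
    # is not a plain interface name or a plain decimal number.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    case $uplink in
        ''|0*|*[!0-9]*) echo "uplink must be a whole number of kbit/s" >&2; return 1 ;;
    esac
    [ "$uplink" -ge 64 ] || { echo "uplink too small to split" >&2; return 1; }

    # Cap at 90% of the line rate: the bottleneck queue then forms here,
    # where it can be classified, instead of inside the modem.
    ceil=$((uplink * 90 / 100))
    hi=$((ceil * 30 / 100))        # interactive traffic
    bulk=$((ceil * 20 / 100))      # bulk transfers
    norm=$((ceil - hi - bulk))     # everything else (default class)

    cat <<EOF
tc qdisc del dev $iface root 2>/dev/null || true
tc qdisc add dev $iface root handle 1: htb default 20
tc class add dev $iface parent 1: classid 1:1 htb rate ${ceil}kbit ceil ${ceil}kbit
tc class add dev $iface parent 1:1 classid 1:10 htb rate ${hi}kbit ceil ${ceil}kbit prio 0
tc class add dev $iface parent 1:1 classid 1:20 htb rate ${norm}kbit ceil ${ceil}kbit prio 1
tc class add dev $iface parent 1:1 classid 1:30 htb rate ${bulk}kbit ceil ${ceil}kbit prio 2
tc qdisc add dev $iface parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $iface parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $iface parent 1:30 handle 30: sfq perturb 10
tc filter add dev $iface parent 1: protocol ip prio 1 u32 match ip tos 0x10 0xff flowid 1:10
tc filter add dev $iface parent 1: protocol ip prio 2 u32 match ip protocol 1 0xff flowid 1:10
tc filter add dev $iface parent 1: protocol ip prio 3 u32 match ip tos 0x08 0xff flowid 1:30
EOF
}

# Stand-alone use: sh shaper.sh ppp0 448
if [ "$#" -eq 2 ]; then
    shaper_rules "$1" "$2"
fi
```

The filters send minimize-delay TOS and ICMP to the interactive class and maximize-throughput TOS to the bulk class; unmarked traffic falls into the default class 1:20.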