Re: [cobalt-security] Using a separate machine for firewalling.



On Mon, 23 Jul 2001, Bill Irwin wrote:

> Just wondering if you guys have thought about trying a firewall on a
> separate machine. I just set this up at home. On my home LAN, I'm
> connected via RoadRunner... so my connection is always on (as in most
> cases with you guys serving).
> Several companies have created Linux OS-based firewalls that are meant
> to run as firewalls only. The one I picked was Smoothwall
> (http://www.smoothwall.org). It has a neat GUI (reminds me of the Cobalt
> GUI), and it's VERY easy to set up. It only has basic port-forwarding
> setup, which is its only downfall. I have a need to poke some holes in the
> firewall in the UDP side of ports (mostly for serving games). I've heard
> it will be addressed in the next version due out (Aug 2). It would seem
> to me that having a separate machine set up for a firewall would be a
> very good protection from hackers getting into your system. If they were
> able to get in, chances are they wouldn't have a place to go. Any
> thoughts or experiences with you guys using something like this? (BTW-
> my firewall was set up on a machine that was basically a Pentium 90 MHz
> with 16 MB RAM, a 400 MB hard drive and two NICs).
> 
> -- 
> Bill Irwin
> Technical Support Engineer
> Sun Microsystems, Inc.

Perhaps I didn't get what you're saying, but, if it's one machine that all
of its purpose is to ALWAYS DISCARD traffic to non-desired ports, and
ALWAYS FORWARD traffic to desired ports to the Cobalt (or any other server
in the world) - what difference does it make if all that is just replaced
with allow rules on the target Cobalt (or server) for the desired ports,
and then a discard rule for all other packet matches?

If you don't understand what I mean, feel free to ask...

- shimi.