Re: [cobalt-security] Using a separate machine for firewalling.
- Subject: Re: [cobalt-security] Using a separate machine for firewalling.
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Mon, 23 Jul 2001 07:26:46 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Mon, 23 Jul 2001, Bill Irwin wrote:
> Just wondering if you guys have thought about trying a firewall on a
> separate machine. I just set this up at home. On my home LAN, I'm
> connected via RoadRunner...so my connection is always on (as is most
> cases with you guys serving).
> Several companies have created Linux OS based firewalls that are meant
> to run as firewalls only. The one I picked was Smoothwall
> (http://www.smoothwall.org). It has a neat GUI (reminds me of the Cobalt
> GUI), and it's VERY easy to set up. It only has basic port-forwarding
> setup which is its only downfall. I have need to poke some holes in the
> firewall on the UDP side of ports (mostly for serving games). I've heard
> it will be addressed in the next version due out (Aug 2). It would seem
> to me that having a separate machine set up as a firewall would be a
> very good protection from hackers getting into your system. If they were
> able to get in, chances are they wouldn't have a place to go. Any
> thoughts or experiences with you guys using something like this? (BTW -
> my firewall was set up on a machine that was basically a Pentium 90MHz
> with 16MB RAM, a 400MB hard drive and two NICs).
>
> --
> Bill Irwin
> Technical Support Engineer
> Sun Microsystems, Inc.
Perhaps I didn't get what you're saying, but, if it's one machine whose
whole purpose is to ALWAYS DISCARD traffic to non-desired ports, and
ALWAYS FORWARD traffic to desired ports to the Cobalt (or any other server
in the world) - what difference does it make if all that is just replaced
with allow rules on the target Cobalt (or server) for the desired ports,
and then a discard rule for all other packet matches?
If you don't understand what I mean, feel free to ask...
- shimi.
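An added illustration of the two placements the thread compares (not code from either poster): a default-deny filter that allows a set of desired ports and discards everything else, applied either on a separate box in front of the server or on the server itself. The port list and sample packets are constructed; for unsolicited inbound traffic the two placements decide identically, and the second function shows the one case where they differ, namely when the server's own rule table is later changed to accept everything.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    dport: int   # destination port on the server

def default_deny(allowed):
    """Build a filter: ALLOW if (proto, dport) is a desired port, DISCARD otherwise."""
    def decide(pkt):
        return "ALLOW" if (pkt.proto, pkt.dport) in allowed else "DISCARD"
    return decide

def perimeter_then_host(perimeter, host, pkt):
    """Separate firewall box: the perimeter forwards or discards first;
    only forwarded packets ever reach the server's own rules."""
    if perimeter(pkt) == "DISCARD":
        return "DISCARD"
    return host(pkt)

def accept_all(pkt):
    """A server with no filtering of its own (or whose rules were replaced)."""
    return "ALLOW"

# Constructed values: desired services and a few inbound packets to test.
DESIRED = {("tcp", 22), ("tcp", 80), ("tcp", 443), ("udp", 27015)}
SAMPLE = [Packet("tcp", 80), Packet("udp", 27015),
          Packet("tcp", 23), Packet("udp", 111)]

def compare_placements():
    """Return (host_only, two_tier) decisions for each sample packet.
    host_only: allow/discard rules live on the server itself.
    two_tier:  the same rules live on a separate box; the server filters nothing."""
    fw = default_deny(DESIRED)
    host_only = [fw(p) for p in SAMPLE]
    two_tier = [perimeter_then_host(fw, accept_all, p) for p in SAMPLE]
    return host_only, two_tier

def after_host_rules_replaced():
    """Same comparison, but the server's own rule table now accepts everything.
    The host-only placement passes every port; the separate box still discards."""
    fw = default_deny(DESIRED)
    host_only = [accept_all(p) for p in SAMPLE]
    two_tier = [perimeter_then_host(fw, accept_all, p) for p in SAMPLE]
    return host_only, two_tier

if __name__ == "__main__":
    print("intact rules:   ", compare_placements())
    print("host rules gone:", after_host_rules_replaced())
```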