I got DSL from USWaste 2 years ago and within 3 months my redhat
5.2 server was hacked into (via buggy NFS) due to no firewall. I used
ipfwadm for another year and that worked fine (no need to firewall windows
services because you can't do anything). I have my own subnet so NAT and
proxy provided solutions I didn't want to use. I didn't want to use a 10-net
and I didn't want to rely on the limitation of the 675 to try to make
something work. I eventually took a separate linux box (a p133) and
wrote my own firewall program that is completely passive on the network.
It basically works like a 2-port switch that can filter out packets. It
sits between the router and my hub and neither device knows the firewall
is there because it's transparent. I also added packet queueing and
prioritization (why stop at just firewalling). Now if someone FTP's a
file and sucks up my bandwidth and I do a ping I get 700+ms but my
counterstrike packets move along at <100ms (unaffected). As I need
more features (like more complex firewalling rules) I just add the features.
I've been using it for about 6 months now and it works great. And it's
100% secure. Neither NIC has a MAC address or IP address so there
is absolutely no way for the firewall to get hacked into. Still a few quirks
to hammer out when I get time, but nothing too serious.

Next feature to add is bandwidth throttling (CAR if you're a Cisco fan)...

All it takes to make this work is a 486 or higher box with 8-16MB,
2 NICs and redhat 6.0+.

Let me know if anyone's interested in more details...(and no, the source
code has NOT been released...yet).

BTW, the 675 has a habit of locking up occasionally when the DSL
line goes down for some reason, meaning that when the DSL line
comes back up the router still won't forward. I've had to reboot it and
the line comes back no problem. Happened 3-4 times in 2 years...nothing
too serious.

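The setup described above (two NICs with no IP address, a transparent filter between the router and the hub, and priority queueing so small game packets are not stuck behind a bulk transfer) can be built today with a Linux bridge, nftables in the bridge family, and a tc prio qdisc. The script below is an added example, not the poster's unreleased program and not anything from the original message; the interface names eth0/eth1/br0, the game UDP port 27015 and the choice to drop inbound NFS/portmapper (the service the poster says was used to get in) are assumptions. It prints the commands by default (DRY_RUN=1) and only applies them as root with DRY_RUN=0.

```shell
#!/bin/sh
# Added example: transparent bridge firewall with priority queueing.
# Not the original poster's code. eth0 = cable to the DSL router, eth1 = cable
# to the hub (assumed names). Neither NIC nor br0 gets an IP address, so the
# box has no layer-3 presence on either side.

DRY_RUN="${DRY_RUN:-1}"
WAN_IF="${WAN_IF:-eth0}"        # assumed: towards the router
LAN_IF="${LAN_IF:-eth1}"        # assumed: towards the hub
BR_IF="${BR_IF:-br0}"
GAME_PORT="${GAME_PORT:-27015}" # assumed UDP port of the game traffic

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# 1. Bridge the two NICs. No "ip addr add" anywhere: frames are forwarded at
#    layer 2 and the firewall cannot be addressed by either side.
bridge_setup() {
    run ip link add name "$BR_IF" type bridge
    run ip link set "$WAN_IF" master "$BR_IF"
    run ip link set "$LAN_IF" master "$BR_IF"
    run ip link set "$WAN_IF" up
    run ip link set "$LAN_IF" up
    run ip link set "$BR_IF" up
}

# 2. Filter what the bridge forwards. The bridge-family forward hook sees
#    every frame crossing br0, so rules can drop traffic that arrives from the
#    router side (iif eth0) without the box having an IP stack exposed.
#    Here: drop and log inbound portmapper (111) and NFS (2049) probes.
firewall_rules() {
    run nft add table bridge fw
    run nft add chain bridge fw forward '{ type filter hook forward priority 0; policy accept; }'
    run nft add rule bridge fw forward iif "$WAN_IF" ip protocol tcp tcp dport '{ 111, 2049 }' \
        counter log prefix '"bridge-drop: "' drop
    run nft add rule bridge fw forward iif "$WAN_IF" ip protocol udp udp dport '{ 111, 2049 }' \
        counter log prefix '"bridge-drop: "' drop
}

# 3. Priority queueing on the upstream-facing NIC. A three-band prio qdisc
#    always dequeues band 0 (class 1:1) first; the u32 filter steers UDP
#    packets for the game port there, everything else stays in the lower
#    bands and queues behind it.
shaping_rules() {
    run tc qdisc add dev "$WAN_IF" root handle 1: prio bands 3
    run tc filter add dev "$WAN_IF" parent 1: protocol ip prio 1 u32 \
        match ip protocol 17 0xff match ip dport "$GAME_PORT" 0xffff flowid 1:1
}

bridge_setup
firewall_rules
shaping_rules
```

The bridge only reorders frames it transmits itself, so the prio qdisc on eth0 protects the upload direction (including the ACKs that keep a download moving); packets already queued in the ISP's downstream buffer are out of its reach. To check that the filter is doing anything, `nft list table bridge fw` shows the packet counters on the drop rules and the kernel log carries the `bridge-drop:` prefix.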

At 03:27 PM 11/17/00 -0600, you wrote:
>Hey everybody,
>
>DSL is finally available in my neighborhood and my line is scheduled to go
>live 11/27. I thought this would be a good opportunity to document the
>process and various do's and don'ts for people who would like to have a
>simple network at home with DSL. The first question is, should I stick to
>the Cisco 675's built-in NAT/firewall capabilities or roll my own with a
>separate Linux box? I think it would be instructive to consider some pros
>and cons.
>
>Here's my setup, which I think would be typical of the average,
>non-professional Linux geek. I'll have two computers at home. The first is a
>workstation dual-booting Linux and Win9x. The second is Linux only and will
>provide whatever network services I need. At this point I plan to have a
>simple Web page (I bought my own domain) and provide listservs for family
>and friends. I can find an old 486 (or better) to use as a dedicated
>firewall with no problem.
>
>Anyone care to contribute some thoughts on the 675 vs. Linux firewall
>debate?
>
>-Tim
>
>--
>Tim Wilson      | Visit Sibley online:         | Check out:
>Henry Sibley HS | http://www.isd197.k12.mn.us/ | http://www.zope.org/
>W. St. Paul, MN |                              | http://slashdot.org/
>wilson at visi.com |   <dtml-var pithy_quote>     | http://linux.com/
>
>_______________________________________________
>tclug-list mailing list
>tclug-list at lists.real-time.com
>https://mailman.real-time.com/mailman/listinfo/tclug-list
>