nanog mailing list archives
RE: Security on a home DSL Line
From: Roeland Meyer <rmeyer () mhsc com>
Date: Fri, 3 Nov 2000 07:44:00 -0800
I did that ... too much work. Easier to install an appliance.
-----Original Message----- From: Sean Figgins [mailto:sfiggins () mail wcg net] Sent: Friday, November 03, 2000 7:33 AM To: nanog () merit edu Subject: RE: Security on a home DSL Line Of course, for those that don't know how to install a OS without the use of GUIs, you can always install FreeBSD just about as easily as Linux, and have all the security of IPFilter over IPChains... I've used this method to do everything from a Dial on Demand NAT gateway, to a full fledged firewall/router solution. Of course, my home network is behind more sophisticated security now, but if/when I ever change jobs and network providers, I'll be going back to the FreeBSD firewall/NAT method. -----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of Brandon Hume Sent: Friday, November 03, 2000 9:07 AM To: nanog () merit edu Subject: Re: Security on a home DSL LineOtherwise, your idea is perfect; Linux or OpenBSD, whichever you're more comfortable with, will give you the most flexibility,and Solaris x86might work but will be dog-slow and unless you have a lot of RAM, completely unusuable.For such a weakly defined measure of "a lot of RAM", this statement is inaccurate. Solaris 8 x86 will run comfortably, without X and superfluous processes (to say: a rational firewall/NAT box configuration) within 12M of RAM. A passing knowledge of Solaris would not let a person know this to be true, however, since Sun states its memory requirements on the assumption you'd be using X. That being said, OpenBSD is probably the best choice. It requires more skill to install, but less skill to secure, and would probably run better *by default* on a minimal machine. After that I'd suggest Solaris, since it installs less crap than most of the Linux distributions (note: most). Driver issues might force your hand to the Linuxes, of course. I also place OpenBSD and Solaris above Linux because they both give you the use of IPFilter, which I believe to be just flat-out superior to IPChains. -- Brandon Hume - hume -> BOFH.Halifax.NS.Ca,
http://WWW.BOFH.Halifax.NS.Ca/ -> Solaris Snob and general NOCMonkey
Current thread:
- Re: Security on a home DSL Line, (continued)
- Re: Security on a home DSL Line Bryan Pace (Nov 02)
- Re: Security on a home DSL Line James M. Shuler III (Nov 02)
- Re: Security on a home DSL Line Steve Sobol (Nov 02)
- Re: Security on a home DSL Line Joe Shaw (Nov 02)
- RE: Security on a home DSL Line Sean Figgins (Nov 03)
- Re: Security on a home DSL Line Shawn McMahon (Nov 03)
- RE: Security on a home DSL Line Roeland Meyer (Nov 02)
- RE: Security on a home DSL Line Steven J. Sobol (Nov 02)
- Re: Security on a home DSL Line Brandon Hume (Nov 03)
- RE: Security on a home DSL Line Sean Figgins (Nov 03)
- RE: Security on a home DSL Line Roeland Meyer (Nov 03)
- Re: Security on a home DSL Line James M. Shuler III (Nov 04)
- RE: Security on a home DSL Line Rishi Singh (Nov 03)
- RE: Security on a home DSL Line Dennis Dayman (Nov 03)
- Re: Security on a home DSL Line Shawn McMahon (Nov 03)
- a quick about mibs/5300's rick (Nov 03)
- Re: a quick about mibs/5300's Todd Caine (Nov 03)
- RE: a quick about mibs/5300's Jason Young (Nov 03)
- Re: Security on a home DSL Line Hank Nussbacher (Nov 04)
- RE: Security on a home DSL Line Rishi Singh (Nov 03)
- RE: Security on a home DSL Line Dennis Dayman (Nov 03)