nanog mailing list archives

RE: Security on a home DSL Line


From: Roeland Meyer <rmeyer () mhsc com>
Date: Fri, 3 Nov 2000 07:44:00 -0800


I did that ... too much work. Easier to install an appliance.

-----Original Message-----
From: Sean Figgins [mailto:sfiggins () mail wcg net]
Sent: Friday, November 03, 2000 7:33 AM
To: nanog () merit edu
Subject: RE: Security on a home DSL Line



Of course, for those that don't know how to install an OS without the use of
GUIs, you can always install FreeBSD just about as easily as Linux, and have
all the security of IPFilter over IPChains...  I've used this method to do
everything from a Dial on Demand NAT gateway, to a full-fledged
firewall/router solution.

Of course, my home network is behind more sophisticated security now, but
if/when I ever change jobs and network providers, I'll be going back to the
FreeBSD firewall/NAT method.

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of
Brandon Hume
Sent: Friday, November 03, 2000 9:07 AM
To: nanog () merit edu
Subject: Re: Security on a home DSL Line



Otherwise, your idea is perfect; Linux or OpenBSD, whichever you're
more comfortable with, will give you the most flexibility, and Solaris x86
might work but will be dog-slow and unless you have a lot of RAM,
completely unusable.

For such a weakly defined measure of "a lot of RAM", this statement is
inaccurate.  Solaris 8 x86 will run comfortably, without X and superfluous
processes (to say: a rational firewall/NAT box configuration) within 12M
of RAM.  A passing knowledge of Solaris would not let a person know this to
be true, however, since Sun states its memory requirements on the assumption
you'd be using X.

That being said, OpenBSD is probably the best choice.  It requires more skill
to install, but less skill to secure, and would probably run better *by
default* on a minimal machine.  After that I'd suggest Solaris, since it
installs less crap than most of the Linux distributions (note: most).
Driver issues might force your hand to the Linuxes, of course.

I also place OpenBSD and Solaris above Linux because they both give you the
use of IPFilter, which I believe to be just flat-out superior to IPChains.

--
Brandon Hume    - hume -> BOFH.Halifax.NS.Ca, http://WWW.BOFH.Halifax.NS.Ca/
                       -> Solaris Snob and general NOCMonkey




