On Tue, 2003-12-30 at 22:07, Rob Wultsch wrote:
> Bart Garst wrote:
>
> >On Tue, 2003-12-30 at 20:44, Kevin Brown wrote:
> >
> >>>I have looked around the net a bit and can not figure what I do and do
> >>>not need to know.
> >>>
> >>>I am building a desktop/firewall for my girlfriend that has Cox. As
> >>>her mother hates me I will not have access to the cable modem before I
> >>>drop off the computer, and will not have a ton of time to configure the
> >>>computer before getting something thrown at me. The computer that I am
> >>>giving away will be protecting the rest of the net from the virus-ridden
> >>>piece of s* that my girlfriend's mom will not let me fix. All I know
> >>>about the cable modem is that it is not a router and that it has cat-5
> >>>out. I have no experience with such things so I am hoping that you could
> >>>tell me of the ramifications *or point me to a guide*.
> >>>
> >>>Should I do anything special when I install Debian? (should I tell it a
> >>>bs static IP or what?)
> >>>
> >>>
> >>It will need the DHCP client to get an address from Cox (and possibly a DHCP
> >>server for the systems in the house).
> >>
> >>
> >>>How much time should I assume that I will need to invest to get firewall
> >>>builder setup?
> >>>
> >>>
> >>Depends on how secure you want to make it and other needs. A basic config will
> >>need to do NAT and prevent outside systems from getting to or through the Debian
> >>router otherwise.
> >>
> >
> >I think NAT is a bit much (personal opinion). I have a setup similar to
> >what you're describing. I have my internal machines using the
> >firewall/router as a gateway and have ip_forwarding enabled.
> >
> >Here's a link similar to the how-to I used:
> >http://en.tldp.org/HOWTO/Firewall-HOWTO.html
> >
> >Getting this thing going should be simple, securing it is a different
> >matter. I've had to make several adjustments to the firewall rules since
> >I got it going. Make sure you can ssh into this machine from the outside
> >if they expect you to maintain this system.
> >
> >Good luck.
> >Bart
> >
> As this is a g/f, not family, or a long time friend, I was thinking
> about just setting up Debian stable and making a cron job do an apt-get
> update; apt-get upgrade every night.
>
> This would be sufficient I trust to keep the box from getting easily cracked?
>
> For that matter I know that it is not a great idea to use a desktop as a
> firewall, but is it really that terrible?
---
You can get a very cheap DSL/cable modem router from Fry's - perhaps
$30-$40. Has a manual, almost plug and play and it includes a hub so
they can connect more than one computer.
Now having said that, probably not the best idea but if all incoming
ports were blocked, it should be good enough. No one should be running X
as root.
The idea of automatic updates is that sh*t happens - auto update could
be auto run amok. Suggest that you consider leaving port 22 open so you
could secure shell into it once in a while and install updates.
Just a little more unsolicited stuff...look closely at the mother that
hates your guts...the apple doesn't fall far from the tree. While at the
moment, she may not resemble her mother in any way, let me assure you
that when the fog lifts, you will see her mom in her. Keep the computer,
dump the babe.
;-)
Craig
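
The setup discussed in this thread (a DHCP address from the cable modem, NAT for the house machines, all incoming ports blocked except port 22), as an added example that is not part of any poster's message: a shell function that emits an iptables-restore ruleset. The interface names eth0 (cable modem side) and eth1 (house side) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. eth0/eth1 are assumed interface names.
# gen_rules WAN_IF LAN_IF prints an iptables-restore ruleset on stdout.
gen_rules() {
    wan=$1 lan=$2
    # Refuse missing, identical or odd-looking interface names so a typo
    # cannot silently produce a ruleset that does not match the hardware.
    for ifc in "$wan" "$lan"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: '$ifc'" >&2; return 1 ;;
        esac
    done
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Hide the house machines behind the single DHCP address from the ISP.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
# Default deny for anything arriving at or passing through the box.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# DHCP replies to the client on the cable-modem side.
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
# The one inbound service left open: ssh for remote maintenance.
-A INPUT -i $wan -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the assumed interfaces; as root it can be checked with
#   gen_rules eth0 eth1 | iptables-restore --test
gen_rules eth0 eth1
```

Forwarding between the two interfaces also needs `net.ipv4.ip_forward` set to 1, which the ruleset itself does not do.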