Need Advice on Routers

Matthew A Coulliette matthewlug at cox.net
Sun May 3 20:48:23 MST 2009


Hi everyone,

    Just wanted to add another glitch I had building my Smoothwall
router.  After having spent a day working on Smoothwall by myself and
then having a friend help me work on it for a couple of half days, we
were never able to get Smoothwall working properly.  We could log in
remotely from the LAN and not be able to ping/see the WAN; or we could
log in directly on the machine (in root) but still be able to ping/see
the WAN. We could just not get everything to work at the same time.
    We occasionally tried other firewall/router distros including:
pfSense (FreeBSD), SME Server, and eBox (Ubuntu based); however,
IPFire_2.3 (another Smoothwall spin-off) worked on the first try. We
never got around to trying IPCop.
    Thanks, IPFire. - MatthewMPP





Stephen wrote:
> And I still use an asa for my network :-)
>
>
> On 4/28/09, Dale Farnsworth <dale at farnsworth.org> wrote:
>   
>> Eric Shubert wrote:
>>     
>>> Alex Dean wrote:
>>>       
>>>> On Apr 27, 2009, at 1:24 PM, Eric Shubert wrote:
>>>>
>>>>         
>>>>> Mark,
>>>>>
>>>>> I have a couple old e-machines that I made into IPCop firewall/routers,
>>>>> and have been decommissioned for a while (they were virtualized).
>>>>>           
>>>> Do you mean you virtualized your firewall?
>>>>         
>>> Yep.
>>>
>>>       
>>>> Doesn't that create a risk
>>>> that other VMs on the same hardware host might be exposed to nasty stuff
>>>>
>>>> which arrives at the firewall?
>>>>         
>>> I don't think so. The VM host isn't addressable/accessible on the
>>> outside/red interface. The only thing that 'sees' outside traffic is the
>>> IPCop VM.
>>>
>>> I could be wrong, but it appears safe enough to me.
>>>       
>> It is only as safe as VMware is secure.  If code can break out of a
>> VM and begin running on the host, all bets are off.
>>
>> As Ken Thompson pointed out in "Reflections on Trusting Trust", you
>> already have to trust everyone who developed the hardware, firmware
>> and software you are running.  Running in a virtual machine instead
>> of on bare hardware means you have to also trust the developers of
>> the VM host (hypervisor) software.
>>
>> I'm not saying that it isn't worth it; I use VMs every day.
>>
>> -Dale
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>>     
>
>   
