Need Advice on Routers
Matthew A Coulliette
matthewlug at cox.net
Sun May 3 20:48:23 MST 2009
Hi everyone,
Just wanted to add another glitch I had building my smoothwall
router. After having spent a day working on smoothwall by myself and
then having a friend help me work on it for a couple of half days, we
were never able to get smoothwall working properly. We could login
remotely from the lan and not be able to ping/see the wan; or we could
login directly on the machine (in root) but still be able to ping/see
the wan. We could just not get everything to work at the same time.
We occationally tried other firewall/router distro's including:
pfsense (freebsd), SME server, and eBox (ubuntu based), however,
IPfire_2.3 (another Smoothwall spin-off) worked on the first try. We
never got around to trying IPcop.
Thanks, IPfire. - MatthewMPP
Stephen wrote:
> And I still use an asa for my network :-)
>
>
> On 4/28/09, Dale Farnsworth <dale at farnsworth.org> wrote:
>
>> Eric Shubert wrote:
>>
>>> Alex Dean wrote:
>>>
>>>> On Apr 27, 2009, at 1:24 PM, Eric Shubert wrote:
>>>>
>>>>
>>>>> Mark,
>>>>>
>>>>> I have a couple old e-machines that I made into IPCop firewall/routers,
>>>>> and have been decommissioned for a while (they were virtualized).
>>>>>
>>>> Do you mean you virtualized your firewall?
>>>>
>>> Yep.
>>>
>>>
>>>> Doesn't that create a risk
>>>> that other VMs on the same hardware host might be exposed to nasty stuff
>>>>
>>>> which arrives at the firewall?
>>>>
>>> I don't think so. The VM host isn't addressable/accessible on the
>>> outside/red interface. The only thing that 'sees' outside traffic is the
>>> IPCop VM.
>>>
>>> I could be wrong, but it appears safe enough to me.
>>>
>> It is only as safe as VMware is secure. If code can break out of a
>> VM and begin running on the host, all bets are off.
>>
>> As Ken Thompson pointed out in "Reflections on Trusting Truse", you
>> already have to trust everyone who developed the hardware, firmware
>> and software you are running. Running in a virtual machine instead
>> of on bare hardware means you have to also trust the developers of
>> the VM host (hypervisor) software.
>>
>> I'm not saying that it isn't worth it; I use VMs every day.
>>
>> -Dale
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>>
>
>
More information about the PLUG-discuss
mailing list