Re: Which is firewall generator suitable for new hand?
--- Jacob S <stormspotter@6Texans.net> wrote:
> On Thu, 3 Mar 2005 17:34:32 +0000 (GMT)
> Matt Johnson <johnsonmlw@yahoo.com> wrote:
>
> >
> > --- Tony Godshall <togo@of.net> wrote:
> > > According to James Ng,
> > > > Hi All,
> > > >
> > > > I am a new hand in linux system. I want to
> set
> > > up a firewall in my
> > > > debain in my home. Which is the firewall
> > > generator suitable for a new
> > > > hand in firewall? Since the document about
> > > iptables is too complicated
> > > > for me, I could not use it.
> > > >
> > > > Could any one give me a suggestion?
> >
> > I'm new to firewalls too. I installed ipmasq on my
> > gateway box. Is this not right? It just "works"
> and
> > I've not had a single nasty showing up on the logs
> of
> > windows clients (with ZoneAlarm) that sit private
> side
> > of the gateway.
> >
> > I guess I'm using ipmasq as a firewall...? *gulp*
> ?
> >
> > Is this open and vulnerable?
>
> No. In short, it means the gateway is acting as a
> firewall for the
> Windows clients, but the gateway itself is open to
> the world. (This
> equals very poor security, to say the least.) You
> need a firewall on the
> gateway machine to protect the gateway machine from
> the internet.
> Otherwise you're leaving the drawbridge on your
> castle unguarded and
> without a mote (even though it's in the up
> position).
Ah. Hmmmm. It's been like that for "some time". So I
need to install the ipmasq package *and* also
something like shorewall. Doesn't shorewall also
replicate some of the nat features of ipmasq? Can
shorewall replace ipmasq and do more too? I don't see
what ipmasq offers me in this scenario?
Thanks
--
Matt Johnson
Send instant messages to your online friends http://uk.messenger.yahoo.com
Reply to: