For years, I've had One Server To Rule Them All, with two network cards (one DSL-modem-facing, one intranet-facing leading to a hub), functioning as both firewall/NAT/server of many protocols. I have an old WAP plugged into the hub that I use for my laptop and Zaurus, etc.

I just picked up a Linksys WRT54G wireless router with 4-port hub (still shrinkwrapped, so tell me if that was a bad choice sooner than later). I want to use it as my firewall, but there are a couple of ways of playing this.

I'm reading up on the whole DMZ concept, and it seems like a straight pass-through, so what does that buy you over hooking up the machine straight to the DSL modem? It means I don't have to configure individual ports to go to my server, but it adds no protection to my server either. If I don't put my server in the DMZ, I have to open up a bunch of ports to it.

Judging by the picture in the PDF version of the manual I downloaded, it looks like this unit is limited to 10 ranges. If I want to be precise in my ports left open, then this will be pretty tight. I can do it if I put some nearby ports in one range. Right now my /etc/sysconfig/SuseFirewall2 file has FW_SERVICES_EXT_TCP="8042 993 bittorrent ftp ftp-data http https imap imaps ntp pop3 pop3s rsync smtp ssh svn". I can probably ditch rsync, and 993 is the same thing as imaps I think. ftp and ftp-data are contiguous so they can go in one entry. That leaves 13 entries, so I will have to get creative. Maybe I can get rid of imap, since UW-imap requires imaps anyway. But whatever I do I have to leave ports open that I won't be using.

Am I missing something, or am I simply doing too much with my server ;) I also forget how AIM/Yahoo/MSN messengers are working without holes for their protocols. Do they go over port 80?

I assume I should continue to run SuseFirewall on my server even if it's protected by the router, right? The router should block everything unwanted, and that would mean I could ease the load of the server quite a bit. Is it false security to run two firewalls doing pretty much the same thing, or is it a waste of CPU cycles? At least I can kill the dhcp server and disable masquerading in the firewall.

Last one: So I guess my router will now get my static IP address, and I have to tell my server that its one and only interface is a 192.168.1 address, right? Which is cool, because then I can remove one more card from that system and use just the ethernet jack on the motherboard.

Thanks.

PS: I'm doing this for several reasons:
- My WAP's antenna is a little broken
- My WAP is B only, and I paid good money for G in my Thinkpad
- All my devices are connected with a crappy hub now, so everything is forced to 10Mbps. Now I'll have a 10/100 switch for local traffic.
- I'm 99% sure I'm gonna put a Hauppauge PVR-350 card in my server and add MythTV to its list of duties, and I will most likely be watching the content on my laptop elsewhere, so 5X the speed is a good thing.
- I had a $100 gift certificate to Best Buy and this was on sale.
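An added example (not from the post above or from BLU) that works through the port-consolidation arithmetic the poster describes: it resolves the FW_SERVICES_EXT_TCP list to port numbers using a constructed stand-in for /etc/services (the "bittorrent" port is an assumption, since it is not a standard entry), folds nearby ports into ranges until the list fits the router's 10-entry limit, and reports which unwanted ports each merge leaves open.

```python
# Constructed lookup table standing in for /etc/services. Port numbers are the
# IANA assignments; "bittorrent" is an assumption (it depends on the local file).
SERVICES = {
    "ftp-data": 20, "ftp": 21, "ssh": 22, "smtp": 25, "http": 80, "pop3": 110,
    "ntp": 123, "imap": 143, "https": 443, "rsync": 873, "imaps": 993,
    "pop3s": 995, "svn": 3690, "bittorrent": 6881,
}


def resolve(fw_services):
    """FW_SERVICES_EXT_TCP value -> sorted, de-duplicated port list
    (so '993' and 'imaps' collapse into a single port)."""
    ports = set()
    for item in fw_services.split():
        ports.add(int(item) if item.isdigit() else SERVICES[item])
    return sorted(ports)


def merge_ranges(ports, max_gap=0):
    """Group ports into (lo, hi) router entries; two wanted ports separated by
    at most max_gap unwanted ports share one entry."""
    ranges = []
    for p in ports:
        if ranges and p - ranges[-1][1] <= max_gap + 1:
            ranges[-1] = (ranges[-1][0], p)
        else:
            ranges.append((p, p))
    return ranges


def collateral(ranges, ports):
    """Ports the ranges forward that were never asked for."""
    wanted = set(ports)
    return sorted(p for lo, hi in ranges for p in range(lo, hi + 1) if p not in wanted)


def plan(fw_services, max_entries=10):
    """Smallest gap that fits the entry limit, plus the ports it exposes."""
    ports = resolve(fw_services)
    gap = 0
    while len(merge_ranges(ports, gap)) > max_entries:
        gap += 1
    ranges = merge_ranges(ports, gap)
    return ranges, collateral(ranges, ports)


if __name__ == "__main__":
    posted = "8042 993 bittorrent ftp ftp-data http https imap imaps ntp pop3 pop3s rsync smtp ssh svn"
    trimmed = "8042 993 bittorrent ftp ftp-data http https imaps ntp pop3 pop3s smtp ssh svn"
    for label, svc in (("as posted", posted), ("without rsync/imap", trimmed)):
        ranges, extra = plan(svc)
        print(f"{label}: {len(ranges)} entries {ranges}; unwanted ports opened: {extra}")
```

With the list as posted, squeezing into 10 entries means forwarding 15 ports nobody asked for (23, 24, 111 through 122, and 994); dropping rsync and imap first gets there at the cost of port 994 alone.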