Router/Firewall Recommendation

Otto Haliburton ottohaliburton at comcast.net
Wed Jun 23 17:37:23 UTC 2004



> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Ed Wilts
> Sent: Wednesday, June 23, 2004 12:21 PM
> To: General Red Hat Linux discussion list
> Subject: Re: Router/Firewall Recommendation
> 
> On Wed, Jun 23, 2004 at 11:48:23AM -0500, Otto Haliburton wrote:
> > > NAT will only protect you from inbound new connections.  It does
> > > absolutely nothing if you have a rampant application on your Windows
> > > box that opens a port to the outside world.
> > >
> > I believe that you can prevent any outgoing port from being opened to
> > the outside world in the router fyi, in case you haven't prevented that.
> > Plus if that occurs I think that the administrator needs to take swift
> > and decisive action.
> 
> You have some control on the outbound ports on the Linksys routers but
> nowhere near what you can get with iptables.  If you want to, for
> example, restrict outbound port 80 to www.microsoft.com, it's much
> harder to do at the Linksys level, if it's even possible.

I may be wrong, but this sort of thing has always been accomplished with a
proxy server, but I don't know.  I've never ever had a need to do this so I
guess to each his own.
> 
> > > Personally, I use a Linksys router/firewall with some predetermined
> > > ports forwarded to my Linux system (none to my Windows systems) and
> > > add tcpwrappers to restrict which hosts are actually allowed to use
> > > that service.  For example, ssh makes it through the firewall but
> > > tcpwrappers restricts the incoming connections to my office subnet.
> > >
> > if I am interpreting this correctly.  Not all of your computers are
> > behind the linksys firewall and that is the problem!!!!!
> 
> I have my systems behind the Linksys firewall but it forwards a few
> ports to my server. It's how mail and ssh get in and how I can serve up
> web pages to the outside world.
> 
> --
> Ed Wilts, RHCE
> Mounds View, MN, USA
> mailto:ewilts at ewilts.org
> Member #1, Red Hat Community Ambassador Program
> 
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
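
The iptables case raised in the thread (outbound port 80 limited to one site), as an added example that is not from either poster: the script prints the rules for review instead of applying them. The function names, the FORWARD chain choice and the 192.0.2.x addresses are constructed placeholders, not values from the thread.

```shell
#!/bin/sh
# Added example: emit iptables commands that limit outbound TCP on one port
# to a fixed set of destination addresses. Nothing is applied here; review
# the output, then run it as root on the Linux box doing the filtering.

# is_ipv4 ADDR -> succeeds only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest="$1." count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# egress_rules CHAIN PORT ADDR... -> prints the rules, or fails on bad input.
# CHAIN is FORWARD on a routing firewall, OUTPUT on the host itself.
egress_rules() {
    chain=$1 port=$2
    shift 2
    [ "$#" -gt 0 ] || { echo "no destinations given" >&2; return 1; }
    for addr in "$@"; do
        # Hostnames are refused: iptables resolves a name once, when the
        # rule is added, so the rule goes stale if the site's addresses change.
        is_ipv4 "$addr" || { echo "not an IPv4 address: $addr" >&2; return 1; }
    done
    # Replies to connections that were already allowed out.
    echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for addr in "$@"; do
        echo "iptables -A $chain -p tcp -d $addr --dport $port -j ACCEPT"
    done
    # Everything else on that port is refused with a TCP reset.
    echo "iptables -A $chain -p tcp --dport $port -j REJECT --reject-with tcp-reset"
}

# Constructed sample input (documentation address range).
egress_rules FORWARD 80 192.0.2.10 192.0.2.11
```

Because the rules pin addresses rather than names, a site served from many or changing addresses needs the list regenerated, which is where a proxy that filters on hostname fits better.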





