At work we are protected very well by IT. At home I use the Linksys router
and BlackIce Defender--good, stable product--no problems yet.
Dwaine.
ALCON RESEARCH, LTD.
M/S: R-NMR
6201 South Freeway
Fort Worth, Texas 76134-2099
817-551-8003
FAX 817-568-7675
dwaine.thomas_at_alconlabs.com
-----Original Message-----
> From: rnunlist_at_purcell.cchem.berkeley.edu
> [mailto:rnunlist_at_purcell.cchem.berkeley.edu]
> Sent: Friday, December 14, 2001 12:01 PM
> To: ammrl_at_wwitch.unl.edu
> Subject: Re: firewall
As I recall, Ben Bangerter some time ago recommended using a small
firewall/router. A switched 10/100 Mbs 4-port box is about $90, or less.
One drawback is that the outside connection speed is limited to 10 MBs.
More than enough for home use, but perhaps not ideal for networking
data.
I use a Linksys box at home to network my Linux box and a Windows
machine to the outside, and a server on the inside. The only open
outside services are ssh, http and mail. In addition, tcp_wrappers are
set up, just in case.
While simpler to set up than a full-blown firewall machine, this is not
as flexible. It still might do the job, though, for an NMR lab.
Another option is to not use a gateway, thus effectively restricting the
systems to the local subnet. This provides obscurity, but not real
security, as machines on the local subnet can access whatever service
is available. And, of course, no mp3 downloads ;=(
Regards,
Rudi
------ On 13 Dec, Bill Gurley wrote:
= Kirk Marat wrote:
= >
= > Any recommendations on firewalls?
=
=
= Kirk:
=
= I haven't actually done this in the NMR lab (yet), but if
= all of your NMR unix boxes are in fairly close proximity,
= this would be simple:
=
= Set up a RedHat Linux 7.2 machine as the firewall machine.
= Put two ethernet cards in the machine. "eth0" will talk to
= the internet, and will have a "real" IP number assigned to
= it. The second ethernet card, "eth1", will be on your
= "private" network. You can use the range of numbers
= 192.168.1.x, which is not used on the internet. Get a
= simple hub of appropriate size. Plug eth1 into that hub,
= and also all of your protected machines. Assign new static
= IP numbers to those machines. Using NAT, network address
= translation, the protected machines will be able to get out
= to the internet through the firewall machine. The address
= of the firewall machine should be used as the Gateway and
= DNS (along with your campus DNS too) for the others. The
= subnet mask for the protected machines would be
= 255.255.255.0. Do a custom Redhat 7.2 installation and
= select all of the packages relating to firewall. (I can't
= recall right now, but there might even be an installation
= choice of "Firewall machine.")
=
= I'm doing just this at home, where I have three computers
= accessing broadband (cable modem) through a fourth Redhat
= machine which acts as the firewall. The only thing that I
= have NOT tried to figure out is whether one can get INTO the
= protected machines (directly) from the outside. However, if
= I am at work, I CAN ssh into my firewall machine, and once
= there I can then get into the protected machines to transfer
= files, etc. Obviously, you do not want to allow simple
= telnet or ftp access to the firewall machine. That would
= make the whole exercise useless. Only allow secure
= shell/ftp, and use tcp_wrappers. Of course it would be even
= better if you don't allow ANY incoming access, but I suppose
= most labs need some way for people to get their data off the
= instrument computers.
=
= The Redhat firewall machine could be a simple 486 or classic
= Pentium that's probably gathering dust in some corner
= anyway. But if you wanted to set up a repository for data
= files you might want something better.
=
=
= -Bill-
=
= Bill Gurley, Supervisor of Technical Services
= Department of Chemistry
= University of Tennessee, Knoxville Campus
--
Received on Fri Dec 14 2001 - 18:13:27 MST