Re: Alcatel ADSL modem, Linux and Bezeq ADSL
- To: <gmendelson(at-nospam)bloomberg.com>
- Subject: Re: Alcatel ADSL modem, Linux and Bezeq ADSL
- From: Dani Arbel <darbel(at-nospam)techunix.technion.ac.il>
- Date: Tue, 20 Nov 2001 23:25:57 +0200 (IST)
- Cc: Omer Zak <omerz(at-nospam)actcom.co.il>, linux ILUG <linux-il(at-nospam)linux.org.il>
- Delivered-To: linux.org.il-linux-il@linux.org.il
- In-Reply-To: <200111201523.PAA13059@ bfr.co.il>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
Omer,
On Tue, 20 Nov 2001, Geoffrey S. Mendelson wrote:
> Omer Zak wrote:
> >
> > We connected a LAN to the Internet via Alcatel's Speed Touch HOME ADSL
> > modem. This modem is an Ethernet modem, and works with a regular phone
> > line (i.e. not ISDN).
> > The gateway is Linux-based, and we use Mulix' patched pptp (with the
> > --quirks option).
> >
> > We use a Linux-based gateway/firewall (with kernel 2.2 and ipchains).
> >
> > The connection works - we can fetch and send E-mail, telnet, FTP and surf
> > to several Web sites.
> >
> > However:
> > 1. This works with and without the --quirks=BEZEQ_ISRAEL option.
> > 2. We can't surf to some Web sites both in Israel and abroad.
>
>
> Why are you allowing the users to get to the web directly?
>
> IMHO, you should be running a caching proxy on the gateway machine. It
> should point to your ISP's caching proxy.
This is a good thing to do (and this is what I do at home).
>
> If you use SQUID instead of apache, some ISPs also run squid and can
> communicate on a proxy to proxy port which is much more efficient.
>
> While you are at it, install SOCKS on the gateway machine and that
> will eliminate 99% of your masquerading.
>
> I prefer an environment where there are (almost) no incoming connections
> allowed (DNS and mail?) and no outgoing connections except from the
> gateway machine. IP masquerading or NAT, was designed for the days of
> a kinder, gentler internet and should be used with extreme caution.
>
> Also I think that you should have the aDSL modem and the rest of the
> network on separate physical interfaces.
I do not really see what benefit you get from SOCKS. I believe switching
from ipchains to iptables is much more important. Also running on one
ethernet (with good firewalling) is OK.
Your real concern would be PC trojans (subseven etc). Use antivirus on the
PCs.
>
> Geoff
>
> --
> Geoffrey S. Mendelson
> Bloomberg L.P., BFM (Israel) 2 hours ahead of London, 7 hours ahead of New York.
> Tel: 972-(0)3-6944-211 Fax: 972-(0)3-6944-225 Email: gmendelson@bloomberg.com
>
>
>
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
>
Dani
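
Added example, not part of the thread or of either poster's setup: a stateful iptables ruleset for the layout discussed above, where the gateway forwards nothing and LAN hosts reach the Internet only through proxies running on it. The interface names (ppp0, eth0, eth1), the Squid and SOCKS ports (3128, 1080) and the inbound mail rule are assumptions.

```shell
#!/bin/sh
# Prints an iptables-restore ruleset to stdout; it does not change the firewall.
# Assumed names (not from the thread):
#   ppp0 = PPTP tunnel to the ISP, eth0 = NIC wired to the ADSL modem,
#   eth1 = LAN NIC, 3128 = Squid, 1080 = SOCKS, 25 = mail server on the gateway.
gateway_ruleset() {
    wan=${1:-ppp0}
    modem=${2:-eth0}
    lan=${3:-eth1}
    cat <<EOF
*filter
# Default deny inbound and forwarded traffic. With FORWARD dropped and no
# nat table, LAN hosts have no direct path out, only the gateway's proxies.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Connection tracking (absent from ipchains): replies to connections the
# gateway itself opened are accepted, unsolicited packets are not.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# PPTP data channel from the modem is GRE, IP protocol 47.
-A INPUT -i $modem -p 47 -j ACCEPT
# LAN clients may open new connections only to the proxy ports.
-A INPUT -i $lan -p tcp -m state --state NEW -m multiport --dports 3128,1080 -j ACCEPT
# Inbound mail from the Internet, only if the gateway runs the mail server.
-A INPUT -i $wan -p tcp -m state --state NEW --dport 25 -j ACCEPT
# Log whatever falls through to the DROP policy.
-A INPUT -j LOG --log-prefix "gw-drop: "
COMMIT
EOF
}

gateway_ruleset "$@"
```

The output can be checked without loading it by piping it to `iptables-restore --test` as root.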