
Re: ADSL Masquerading with 2.4.7-10 and ipchains Q



Shachar Shemesh wrote:
> 
> You do know that people can break into some of the ADSL modems, don't you?
> 
> I would highly recommend using a separate NIC for the modem->linux
> connection, unless it's the only machine on your network.

I'd go farther than that.

1. Disallow incoming connections from the modem.

2. Allow outgoing connections on the modem only to the tunneling host/port.

3. Disallow most, if not all incoming connections from the tunnel
   (your choice).

4. Allow all outgoing connections via the tunnel.

5. Disallow outgoing connections to the LAN.

6. Allow incoming connections to proxy servers.

7. Run proxies as necessary, http, ftp, etc. If you don't want caching,
   run socks. If you want caching, run apache or squid and socks and
   this will cover almost all of your needs.

8. Run your own named, even if all it does is forward requests.


Geoff.

-- 
Geoffrey S. Mendelson
Bloomberg L.P., BFM (Israel) 2 hours ahead of London, 7 hours ahead of New York.
Tel:  972-(0)3-6944-211  Fax: 972-(0)3-6944-225 Email: gmendelson@bloomberg.com
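Points 1 to 6 above, written out as an ipchains ruleset (an added example, not from the message itself). The interface names, the tunnel endpoint address/port and the proxy ports are assumptions; since ipchains is stateless, "connections" is read as TCP SYN (`-y`), so replies to the host's own traffic still get through.

```shell
#!/bin/sh
# Added example: ipchains rules for points 1-6. Assumed topology: modem on eth1,
# tunnel comes up as ppp0, LAN on eth0; tunnel endpoint and ports are placeholders.
MODEM_IF=${MODEM_IF:-eth1}
TUNNEL_IF=${TUNNEL_IF:-ppp0}
LAN_IF=${LAN_IF:-eth0}
TUNNEL_HOST=${TUNNEL_HOST:-192.0.2.1}   # placeholder: tunnel server inside the modem
TUNNEL_PORT=${TUNNEL_PORT:-1723}        # placeholder: its TCP port
PROXY_PORTS=${PROXY_PORTS:-"3128 1080"} # squid and socks (point 6)

# Emit the rules as text so they can be reviewed (and tested) before being applied.
gen_rules() {
  cat <<EOF
ipchains -F
ipchains -P input DENY
ipchains -P output DENY
ipchains -P forward DENY
ipchains -A input -i lo -j ACCEPT
ipchains -A output -i lo -j ACCEPT
# 1. modem side: no new TCP connections (SYN); only replies from the tunnel endpoint
ipchains -A input -i $MODEM_IF -p tcp -y -j DENY
ipchains -A input -i $MODEM_IF -p tcp -s $TUNNEL_HOST --sport $TUNNEL_PORT -j ACCEPT
ipchains -A input -i $MODEM_IF -j DENY
# 2. modem side: outgoing only to the tunnel host/port (add e.g. GRE if your tunnel needs it)
ipchains -A output -i $MODEM_IF -p tcp -d $TUNNEL_HOST --dport $TUNNEL_PORT -j ACCEPT
ipchains -A output -i $MODEM_IF -j DENY
# 3. tunnel: no incoming connections; non-SYN TCP, UDP answers and ICMP are accepted
ipchains -A input -i $TUNNEL_IF -p tcp -y -j DENY
ipchains -A input -i $TUNNEL_IF -j ACCEPT
# 4. tunnel: all outgoing
ipchains -A output -i $TUNNEL_IF -j ACCEPT
# 5. LAN: this host opens no connections towards the LAN, but answers its clients
ipchains -A output -i $LAN_IF -p tcp -y -j DENY
ipchains -A output -i $LAN_IF -j ACCEPT
# 6. LAN: clients may reach the proxies (and the local named, point 8)
EOF
  for port in $PROXY_PORTS; do
    echo "ipchains -A input -i $LAN_IF -p tcp --dport $port -j ACCEPT"
  done
  cat <<EOF
ipchains -A input -i $LAN_IF -p udp --dport 53 -j ACCEPT
ipchains -A input -i $LAN_IF -j DENY
EOF
}

case "${1:-}" in
  apply) gen_rules | sh ;;   # run as root: ./adsl-rules.sh apply
  *)     gen_rules ;;        # default: print the ruleset for review
esac
```

Nothing is forwarded or masqueraded: LAN clients go out only through the proxies and the local named, which is the point of the list.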