Router/Firewall Recommendation

Ed Wilts ewilts at ewilts.org
Wed Jun 23 17:21:22 UTC 2004


On Wed, Jun 23, 2004 at 11:48:23AM -0500, Otto Haliburton wrote:
> > NAT will only protect you from inbound new connections.  It does
> > absolutely nothing if you have a rampant application on your Windows box
> > that opens a port to the outside world.
> >
> I believe that you can prevent any outgoing port from being opened to the
> outside world in the router, FYI, in case you haven't prevented that.  Plus,
> if that occurs, I think that the administrator needs to take swift and
> decisive action.

You have some control over the outbound ports on the Linksys routers but
nowhere near what you can get with iptables.  If you want to, for
example, restrict outbound port 80 to www.microsoft.com, it's much
harder to do at the Linksys level, if it's even possible.
  
> > Personally, I use a Linksys router/firewall with some predetermined
> > ports forwarded to my Linux system (none to my Windows systems) and add
> > tcpwrappers to restrict which hosts are actually allowed to use that
> > service.  For example, ssh makes it through the firewall but tcpwrappers
> > restricts the incoming connections to my office subnet.
> > 
> If I am interpreting this correctly, not all of your computers are behind
> the Linksys firewall and that is the problem!!!!!

I have my systems behind the Linksys firewall but it forwards a few
ports to my server. It's how mail and ssh get in and how I can serve up
web pages to the outside world.

-- 
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts at ewilts.org
Member #1, Red Hat Community Ambassador Program
