[no subject]
Agreed. I have 6 SuSE 9.3 boxes here, all current and up to date.
> Second: would you combine firewall and proxy duties on one box, or
> build two? Right now I have a Linksys router (I know, it's not really
> a firewall). So - would you go brandx router crossover cable to
> firewall/proxy for tighter control?
I would build two separate boxes. Personally I would build my own
firewall using Bob Toxen's book as a guide.
> Third: three PCs are for home use, one is for business use and
> connects via VPN to the work network. My initial thought is to go
> Linksys to internal LAN, have my work PC and the proxy on the
> internal LAN (not the DMZ segment on my Linksys - that's a scary
> thought). Home PC's would be behind the proxy.
Sounds right. Is the proxy on the dmz or part of the firewall?
> Fourth: can filters and reports be based on userid authentication, or
> are they IP based? I do not use DHCP at home, and manually assign
> everything - so it is a non-issue, but if I were to replicate the
> proxy for a church or for a friend - I think DHCP would be used.
Are you talking iptables/ipchains filters?
> Finally - while I do not use DHCP at home, if I were to build a proxy
> for a network that does use DHCP, could I pass the DHCP requests
> through the proxy server, or would I need to run firewall, proxy and
> dhcp all on the one box?
You could have separate boxes for each. I'm a firm believer in a
firewall being a firewall and nothing else. Personal opinion there. (I
also lock my car in my garage..)
> Also - do any of you use Viralator and CLAMAV on squid proxies? Is it
> an effective solution? All my Win PC's (I know, that's a bad word) -
> have Antivirus running, current, and scanning daily. Still we got
> infected when my wife snagged my work PC, opened a Hotmail attachment
> and infected it. I don't want to try to 'splain that at the office!
> (I did change the password and repeated the "don't use my work PC for
> anything ever" mantra - but we've had that issue before).
You're pretty well screwed if you're running Windows. There's always
the possibility something's going to get through. My wife's box is the
only Windows box that has internet access in the house. My daughter has
a dual boot, no network at all when running Windows.
>
> (if I go the Debian route - anyone downloaded Sarge stable and burned
> to CD? I'm not sure if I'll go Debian or SuSE - not anything against
> any other distros, it's just that I am slightly more familiar with
> those.)
Everyone knows my opinion, I'd go with SuSE. A lot easier to configure
and install. Further, you're going to have more current software.
Please folks, don't let this start another flame war on distros.
--
Until later, Geoffrey
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00756" href="msg00756.html">[ale] SOHO Proxy - Questions</a></strong>
<ul><li><em>From:</em> brucelists at bellsouth.net (brucelists at bellsouth.net)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
</body>
</html>