debian-etch gateway

R. Wood rw at
Sun Aug 3 14:28:53 UTC 2008

Hash: SHA1

Allegedly, on Sun, Aug 03, 2008 at 08:40:26AM -0300, Tom Daly stated:
> I run a debian-etch gateway for my house network (K/Xubuntu/XP
> mixture), and want to crank down security a tad.  If anyone has any
> comments/suggestions on this article
> <>
> I'd appreciate hearing from you


You may need to supplement this article above with other
HOWTO's/tutorials/articles.  I notice for example that it doesn't
mention configuring /etc/network/interfaces at all.

The other thing I don't recommend (and this is just my opinion, based on
my own experience) is trying to cook up homemade firewall scripts.  This
topic is complicated enough, and there are a lot of subtle details that
create opportunities for security issues.  If "security" is a concern,
and it should be, I say leave firewalls to the professionals: find a
good 'firewall script' that allows you to specify what you want at a
higher level, and then the script will crank out the proper set of
iptables rules.  Two examples of firewall scripts are:
- - shorewall (no GUI, just edit some text files according to the
  excellent documentation).
- - firehol (same, no GUI).

The firewall needs to be set up carefully, methodically, and with
attention to detail.  Once it is in place it will handle the
ipmasq/NAT/port forwarding (different people use different terms)

- -- 
"Be Nice, or Leave - By Order of the Management"
(Sign above door, Black Sheep Inn, Wakefield)
GPG Fingerprint: 2E4D 8605 DD48 E80F F893  1C02 B65D 86D9 3B3C 0E03
Encrypted Email Preferred  |  War is BIG Business: Enough Excuses, Peace Now!
Bush-whacked 2004! Try to relax and enjoy the Chaos :-)  |  Free Tibet
Version: GnuPG v1.4.6 (GNU/Linux)


More information about the ubuntu-ca mailing list