  #1 (permalink)  
Old 14th September, 2004, 06:22 PM
GrahamGarside's Avatar
Member/Contributer
 
Join Date: September 2004
Location: England
Posts: 4,572

Shared Broadband

I'm currently awaiting delivery of my ADSL modem and plan on sharing the connection between mine and my parents' computers. I'm going to set up a Linux based firewall (http://www.smoothwall.org/) which will be connected to the modem and then connect my computers to this. This is where I'm uncertain of the best method. If all the computers are connected to a switch will the 2 Windows based computers be able to access the net connection from the Linux box? Or will I need to use a router and connect the Linux box to a WAN port? Any advice would be greatly appreciated.
  #2 (permalink)  
Old 14th September, 2004, 06:43 PM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

In the case of Smoothwall, the Linux system acts as a router. You only need a hub or a switch to connect your machine, your parents' machine and the Linux system together.
__________________
Any views, thoughts and opinions are entirely my own. They don't necessarily represent those of my employer (BlackBerry).
  #3 (permalink)  
Old 14th September, 2004, 06:52 PM
Member/Contributor/Resident Crystal Ball
 
Join Date: March 2004
Posts: 7,451

i use an athlon xp based system for a firewall, and have every pci slot occupied with ethernet cards. motherboard has gigabit ethernet as well. the machines on the pci ethernet get somewhat reasonable connections, unless they are all being used at once, while the machine connected to the gigabit ethernet gets a connection as fast as the one connected to the modem. The modem is plugged into one of the pci ethernets, and windows does the connection management. Because i'm paranoid, there is a hardware based firewall somewhere there too.
  #4 (permalink)  
Old 14th September, 2004, 06:56 PM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

Quote:
Originally Posted by cadaveca
there is a hardware based firewall somewhere there too.
Most hardware based firewalls are just computers running some firewalling software. Very few firewalls are implemented in hardware! Netscreen is one of the few that I know of.

Smoothwall uses Linux's IPTables firewall, which is pretty good. Not quite as good as OpenBSD's PF, but still secure.
  #5 (permalink)  
Old 14th September, 2004, 07:23 PM
Member/Contributor/Resident Crystal Ball
 
Join Date: March 2004
Posts: 7,451

was not knocking smoothwall at all....have not tried it myself yet, but i had downloaded it before as i was planning to use a pII as a firewall, because, like you said, Aedan, a router is just a simple pc anyway, really. i decided to not use the pII, as it did not seem to have enough power to manage the 5 connections, and windows, at the same time. Maybe this smoothwall is the answer!
  #6 (permalink)  
Old 14th September, 2004, 07:28 PM
GrahamGarside's Avatar
Member/Contributer
 
Join Date: September 2004
Location: England
Posts: 4,572

I did read a guide on smoothwall where they used multiple NICs in the one machine but I figure a switch will give more scope for adding more machines. Also I'm only starting with smoothwall for the time being and I'm going to configure my own firewall in the near future, probably using slackware or debian, but I'll look into openbsd. Finally, I think this may be a stupid question and I'm pretty sure they will, but the 2 windows machines will see each other, won't they, using a switch? Thanks a lot.
  #7 (permalink)  
Old 14th September, 2004, 07:33 PM
Member/Contributor/Resident Crystal Ball
 
Join Date: March 2004
Posts: 7,451

i use cross-over cable...works just the same, and lowers latencies a bit.
  #8 (permalink)  
Old 14th September, 2004, 07:41 PM
Gizmo's Avatar
Chief BBS Administrator
 
Join Date: May 2003
Location: Webb City, Mo
Posts: 16,178

Quote:
Originally Posted by Áedán
Most hardware based firewalls are just computers running some firewalling software. Very few firewalls are implemented in hardware!
What's more, most of them are running some variation of a Linux kernel, unless I am mistaken.
  #9 (permalink)  
Old 14th September, 2004, 07:45 PM
Member/Contributor/Resident Crystal Ball
 
Join Date: March 2004
Posts: 7,451

unix based i believe maybe? that's what led me to smoothwall.
  #10 (permalink)  
Old 14th September, 2004, 11:29 PM
GrahamGarside's Avatar
Member/Contributer
 
Join Date: September 2004
Location: England
Posts: 4,572

I've looked around and I'm thinking of getting a Netgear FS108 8 Port Switch. Is this wise or can anyone recommend something else?
  #11 (permalink)  
Old 15th September, 2004, 09:27 AM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

To be honest, most of the small switches are pretty similar, so there's not really much to choose between them, other than the manufacturer and any warranty.

As far as smoothwall and network interfaces go, usually the reason for multiple interfaces is to provide physical separation between networks that have differing security requirements.
  #12 (permalink)  
Old 15th September, 2004, 09:33 AM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

Quote:
Originally Posted by cadaveca
unix based i believe maybe? that's what led me to smoothwall.
Check Point's Firewall One runs on top of a number of platforms. The most popular variants are probably Nokia's IPSO (BSD based), and Solaris; however, Check Point also have their secure platform which is Linux based. Note that the Firewall One firewall is not based on IPTables, but proprietary code.

Cisco's PIX is a bit of an unknown. Juniper's Netscreen range appears to be based on some form of UNIX, but packet processing is done in hardware on an ASIC. A number of other commercial firewalls run on Solaris.

Many of the smaller wired home 'routers' run VxWorks. For the wireless home 'routers', seeing a form of Linux is getting more common.
  #13 (permalink)  
Old 15th September, 2004, 03:34 PM
GrahamGarside's Avatar
Member/Contributer
 
Join Date: September 2004
Location: England
Posts: 4,572

Quote:
Originally Posted by Áedán
To be honest, most of the small switches are pretty similar, so there's not really much to choose between them, other than the manufacturer and any warranty.

As far as smoothwall and network interfaces go, usually the reason for multiple interfaces is to provide physical separation between networks that have differing security requirements.
I'm not gonna be using a DMZ for the time being and I need the 2 windows (plus any future additions to the network) to see each other. Thanks for the help, eeh it's costing me a small fortune getting this lot, my parents best be grateful I tell thee.
  #14 (permalink)  
Old 15th September, 2004, 09:04 PM
Kaitain's Avatar
Member
 
Join Date: September 2001
Location: MK10, UK.
Posts: 4,372

My wireless "router" is VxWorks based
__________________
It is by coffee alone I set my mind in motion...
  #15 (permalink)  
Old 15th September, 2004, 09:29 PM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

Quote:
Originally Posted by GrahamGarside
Thanks for the help, eeh it's costing me a small fortune getting this lot my parents best be grateful I tell thee
Indeed! I'm personally running my own OpenBSD based firewall on a mini-itx board, but I know (and help) people who also run Smoothwall on machines like an old pentium 120 machine. A lower performance machine is fine, as a basic firewall doesn't need lots of horsepower.
  #16 (permalink)  
Old 15th September, 2004, 10:35 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,606

Ok, it's time to help Daniel again!

I "thought" (probably too fine a word for it) that a router was a "hardware firewall"; I was also under the impression that it was as good as using a computer to perform the firewall function...

Here I'm getting the impression that none of this is so?
__________________
"Though all men live in ignorance before mystery,
they need not live in darkness...
Justice is foundation and Mercy ETERNAL
."
DKE

"All that we do is touched by Ocean
Yet we remain on the shore of what we know."
Richard Wilbur

  #17 (permalink)  
Old 15th September, 2004, 10:42 PM
Member/Contributor/Resident Crystal Ball
 
Join Date: March 2004
Posts: 7,451

oh boy...
there's a fun question to answer...
router....routes packets...reads headers and ensures they reach the right spot. A firewall is something else. Routers have a firewall effect because of the IP change...packets sent from behind the router get sent under the router's ip. A firewall actually inspects the packets to ensure integrity, and that they are actually supposed to be going to the right place, usually using Stateful Packet Inspection.

A software firewall provides no real safety, as the offending packet has already reached some sort of buffer on the machine that can then be exploited. however, if you use a "hardware" firewall, the packets get inspected before they ever reach your hard drive, and hence the added security.
so, as long as the "firewall" pc/router/ whateva you want to name it, does not have say, an OS to manipulate, things are good, because you can also capture packets and store them for later inspection should something go wrong.

i guess you could get way more technical, but that's an easy way of looking at it. i'm sure someone will expand on my words
  #18 (permalink)  
Old 16th September, 2004, 12:04 AM
GrahamGarside's Avatar
Member/Contributer
 
Join Date: September 2004
Location: England
Posts: 4,572

I could probably have gotten away with a simple ADSL router but the geek in me just couldn't resist setting up a Linux based firewall.
I'm gonna be using a Celeron 400 with 128MB of RAM that I picked up from a refurbished PC dealer for £18 and the switch I'm getting costs £35 so it costs around the same as a broadband router except I get 8 ports instead of 4.
  #19 (permalink)  
Old 16th September, 2004, 10:43 AM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

Quote:
Originally Posted by cadaveca
A software firewall provides no real safety, as the offending packet has already reached some sort of buffer on the machine that can then be exploited. however, if you use a "hardware" firewall, the packets get inspected before they ever reach your hard drive, and hence the added security. so, as long as the "firewall" pc/router/ whateva you want to name it, does not have say, an OS to manipulate, things are good, because you can also capture packets and store them for later inspection should something go wrong.
All "hardware" firewalls have an OS on them, including true hardware firewalls such as the Netscreen! For home use, the OS is typically VxWorks. However, host based firewalls ("software") can be just as effective as network based firewalls ("hardware"). Indeed, usually there's very little difference between them, other than a host based firewall only protects the host it's running on.

A router is a device that routes packets from one interface to another. A NAT device is a device that translates one set of IP addresses to another set of IP addresses. A firewall is a device that can apply rules to the packets, and accept/deny them according to its rules.

There are several fundamental technologies for firewalls. Firstly, there is the "packet filter". It has a list of ports and IP addresses that are allowed or disallowed. Hence, if a packet comes from A going to B, and A isn't on the allowed list, the packet is rejected. However, a packet filter isn't aware of state, and can be conned into allowing packets that should not be allowed. This is the most basic firewalling, and doesn't take much CPU.

Stateful inspection remembers the state of connections. If it sees a packet that claims to be part of an existing communication between machine A and machine B, it checks to see if it knows of any existing communication. If there's no existing communication, it throws the packet away. That way, it can open up a hole to allow communication when required, and then close it when the communication has finished. However, stateful inspection doesn't know anything about the data that's being passed in the connection, so doesn't know if it's valid or not. This is a bit more sophisticated, so requires a bit more CPU and memory.

Going one step up from that, there are application layer firewalls that examine the data stream in a communication. For example, some application layer firewalls can examine a request from a web browser, validate that it's sensible, and then pass it on. Should the application layer firewall see a request that is suspicious, it can then throw the request away and return a generic error. This is sophisticated, and requires a reasonable level of CPU, and a whole bunch more memory.

The NAT device, by its very nature, provides a basic firewall. When your computer makes a request to the internet, the NAT device has to remember where the request came from, so that when the reply comes back, it knows where to send it. If the NAT device sees a reply when no request was sent out, it doesn't know where to send it, as it never saw the request. Hence, it throws the reply away, as it doesn't know what to do with it. This is the way that many of the home devices work. This is very similar to stateful inspection.
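Added example, not part of any post in this thread: a simplified Python model of the three mechanisms post #19 describes, showing why a stateless packet filter accepts an unsolicited packet that merely claims source port 80, while stateful inspection and a NAT table both drop it. The class names, addresses and port numbers are constructed for illustration, and real devices track more state (protocol, TCP flags, timeouts) than this model does.

```python
from dataclasses import dataclass

# Constructed sample addresses (documentation ranges), not taken from the thread.
LAN_PC, PUBLIC_IP = "192.168.0.10", "203.0.113.1"
WEB, STRANGER = "198.51.100.7", "198.51.100.99"
WEB_PORTS = (80, 443)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = LAN to internet, "in" = internet to LAN

def packet_filter(pkt):
    """Stateless filter: every packet is judged alone against a port list."""
    if pkt.direction == "out":
        return pkt.dport in WEB_PORTS
    # The only way to let web replies back in is to trust the claimed
    # source port, which any sender can set.
    return pkt.sport in WEB_PORTS

class StatefulFirewall:
    """Remembers outbound connections; inbound must mirror one of them."""
    def __init__(self):
        self.connections = set()

    def check(self, pkt):
        if pkt.direction == "out":
            if pkt.dport not in WEB_PORTS:
                return False
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections

    def close(self, pkt):
        """Forget the connection an outbound packet opened (the hole closes)."""
        self.connections.discard((pkt.src, pkt.sport, pkt.dst, pkt.dport))

class NatDevice:
    """Maps (public port, remote host, remote port) back to the LAN sender."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip, self.next_port, self.table = public_ip, first_port, {}

    def outbound(self, pkt):
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[(port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, port, pkt.dst, pkt.dport, "out")

    def inbound(self, pkt):
        """Rewrite a reply to its LAN owner, or return None to drop it."""
        owner = self.table.get((pkt.dport, pkt.src, pkt.sport))
        return Packet(pkt.src, pkt.sport, *owner, "in") if owner else None

if __name__ == "__main__":
    unsolicited = Packet(STRANGER, 80, LAN_PC, 51000, "in")
    print("stateless accepts:", packet_filter(unsolicited))
    print("stateful accepts:", StatefulFirewall().check(unsolicited))
```
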
  #20 (permalink)  
Old 16th September, 2004, 07:20 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,606

Thank you. I've read this three times - after reading it another three times I should have a better idea of what I'm thanking you for! ":O}

( just a matter of learning new definitions and functions.)