Re: [Firestarter-user] Should I put firestarter on both computersor one?
Brought to you by:
majix
Menu
▾
▴
Re: [Firestarter-user] Should I put firestarter on both computersor one?
|
From: Anthony C. <ac...@ac...> - 2006-08-20 07:50:27
|
On 18 Aug 2006, Jack Bowling wrote: > On Tue, Aug 15, 2006 at 08:23:13AM +0100, Anthony Campbell wrote: > > On 14 Aug 2006, Mike Hanby wrote: > > > It sounds like you are using FireStarter as a firewall on both your desktop > > > and your laptop. > > > > > > DSL/Cable Modem > > > | > > > WAP/Router/Gateway/DHCP > > > | > > > / \ > > > / \ > > > FireStarter FireStarter > > > Laptop Desktop > > > > > > Your router is presumable a Linksys WAP/Router/Gateway (or other > > > manufacturer). > > > > > > I don't see anything wrong with this type of configuration. You are just > > > using the firewall functionality on each of the computers and not the NAT > > > Internet Sharing functionality (which would require the second Ethernet card > > > in your desktop). > > > > > > You could configure iptables on both the desktop and laptop to accomplish > > > this, but you wouldn't have the nice GUI provided by FireStarter. > > > > > > Mike Hanby > > > > > > > Thanks for the reply. Yes, this is what I'm doing and it seems to be > > working OK. > > One of FS's main strengths is actually the GUI which allows you an easy way > to both monitor hits in real time and to take blocking action when > necessary. So even if you have no rules defined and rely on your router's > firewall, FS is still very useful. However, "defence in depth" is the way > to go and using FS to restrict access to known IPs, etc., is a very easy > thing to do with the GUI. > > Jack > Everything seems to be working and it's certainly very easy to set up, but my remaining concern is that I am simply assuming that Firestarter is doing the right things. Obviously the reason I am using it is that I have only a hazy idea of how to configure iptables, otherwise I'd do it myself; but the way that FS does it (as shown by iptables -L) seems to be different from that of Shorewall. I've no real idea how important that is. Anthony -- Anthony Campbell - ac...@ac... Microsoft-free zone - Using Linux Gnu-Debian http://www.acampbell.org.uk (blog, book reviews, on-line books and sceptical articles) |