Re: [coLinux-users] coLinux as software firewall

[Henry N. <hen...@ar...>]

Hello Olaf,

Olaf Siejka wrote:
> I`d like to know your opinion on a following solution: small and basic
> coLinux debian distro functioning as a virtual router for Windows box
> running that coLinux. I was inspired by:
> http://colinux.wikia.com/wiki/Network#Keep_Windows_off_the_network_--_surf_via_Linux
> 
> Would it be possible to force all Windows traffic to coLinux machine and
> through it, to Internet? Can we achieve total separation of windows box,
> like with hardware router box used? Would it be resource-wise in regard
> of cpu/mem and hdd space usage, comparing to native Windows software
> firewall/IDS solutions?

CoLinux was develop for speed and low recource consumption, not for
security. CoLinux self as a Windows application needs access to network
in your example. So, if you would allow coLinux the network access, then
also all other Windows applications (bad or good) have access to the
network in same way. Sure, you can install some tools to allow only
coLinux the network access. But, after such setup, you not needs coLinux
as firewall. You can than also setup your Firewall to allow only Browser
and Mail and so on the internet access.

The answer about "force all" traffic to coLinux is no.

For your recource questions: A Windwos Firewall and a native
Windows-Proxy would better work. Better for the hdd space and cpu load.

If you wish totaly security, then only a real outside hardware box
(router) can only do it.

An other case is, if you would surf with the Linux-Firefox inside the
coLinux. This would be mutch saver security. Because this type of using
coLinux you are a Linux user and inside a virtual machine.

-- 
Henry N.