From: Hugo C. <hu...@hu...> - 2004-03-24 00:34:48
Hi, I agree that having coLinux provide firewall and packet shaping for a host machine may seem a bit cumbersome. However, the consumer-level firewalls for Windows that I've tried (many) are extremely buggy, to the point of not following the rules reliably! They also enjoy that lovely feature that if one day your registry wakes up in a bad mood, they will forget their rules and either block it all or allow it all. Packet shaping is _unheard of_ in those kinds of products. With the growing popularity of both filesharing and VOIP, a solution like this seems to have its problem waiting for it already. Why should you have to yell at your daughter to turn off Kazaa because grandma called your VOIP line? Damn, I have to turn off my filesharing clients to browse the web sometimes. Not to mention that the extremely high number of connections opened by filesharing shows the glaring memory leaks of modern consumer-level win32 firewalls.

It goes around. My idea with this post was to get help with the right configuration for this specific application, but also to start a little brainstorming. I read in the list about the (amazingly few!) technical problems and bugs with coLinux but not about its real applications. I think this software is an amazing idea and execution. It brings the best of 2 worlds, together, for free. You don't see that every day. There's gotta be something more interesting to do with coLinux than to install Windows under VMware under coLinux under Windows and laugh maniacally.

Sorry for the long non-technical post - I started this discussion in the Help forum but it was only in this list that I got replies.
Hugo

> sorry Clemmitt I just re: to you first time, meant to re: all
>
> Disclaimer: IANAMCSE and IANAcLD
> If the bridging is set up correctly then only the ethernet level of the
> stack should be used for the unfiltered data. Because Windows does not
> have an address on the physical LAN, all TCP/IP traffic will be filtered.
>
> But Clemmitt's point is valid because there could be non-TCP/IP
> holes such
> as netbeui or any other network layer protocols that are left open on
> Windows, or a carefully formed TCP/IP packet that could exploit a
> flaw in
> the lower layers, and also any raw ethernet holes that there may be in
> Windows. Long story short, this would not be any better than any
> other host
> based firewall except for maybe a lot more flexibility. Other Windows
> specific host based firewalls probably take the fact that they are
> running
> on Windows and at least holler at you if netbeui or something else
> is on.
>
> chris