Multihome advice
Message
From
11/02/2002 18:17:57
 
General information
Forum: Linux
Category: Networking, Installation and Administration issues
Miscellaneous
Thread ID: 00618167
Message ID: 00618625
Views: 9
Currently I am using the Galantry FreeBSD box. It has NAT and is preconfigured with limited Web-based administration. Being bumpkins, when we originally set it up we allowed it to be an eMail SENDER. This allowed someone to hijack the email server and use it for spam. We had a very hard time shutting it down because we set up about 150 users in 20 offices using this unit as their outgoing mail server. The company I work for is now ready to move the system from my house (DSL) to the office's T1 split frame. I, however, still need to maintain my Woods Riders dirt bike club's site at my house. Hence, Linux & my question.

I did find a good article about ipchains (should not be too difficult to translate to iptables) @ http://www.linux-firewall-tools.com/linux/faq/

The article was fairly complete, but unless you like typing, it at least once needs to be run as a script and then saved in the IPTables HowTo way.

Terry

PS Jerry, we talked about multihomed Linux about a year ago when I was using RedHat 6.0. 7.2 was much easier to set up and found my cards better.


>Terry & Mike,
>I am curious... were you folks using a firewall on the box that the DSL was connected to, with IP Forwarding on?
>
>I've been running a Cisco 657 from ISP digital phone line, set up as a DHCP server, connected to eth0 on my SuSE 7.1 server. The SuSE has a firewall with ipchains and IP Forwarding on, and with eth1 connected to a NetGear router, to which other boxes on the intranet are connected. It's up 24/7 (nearly 70 days since the last thunderstorm - my server goes down for thunderstorms :) and I haven't had a single break-in yet, although my logs show occasional tries. All I'm using is sendmail. What's the diff between my setup and you guys'?
>JLK
>
>
>
>>>I have a RedHat 7.2 installation with two cards that I am hooking to my DSL connection.
>>>
>>>We exposed our mail server and it got hijacked :-(
>>>
>>>Thanks VERY much in advance.
>>>
>>>Terry
>>
>>
>>Terry,
>>
>>My advice is to save yourself a LOT of trouble and put a simple, $80 router between your DSL modem and your network Hub. I have installed 8 RH boxes in exactly the way you described above and found that:
>>1. There is an ongoing maintenance issue as new versions of the servers (Apache, Sendmail, etc) are released to address security holes. If you don't upgrade, you risk being hacked since your RH box is completely exposed to the Inet.
>>2. The setup on the router is MUCH simpler and more flexible (maybe I should say "EASILY flexible") than configuring your RH box.
>>3. You can take down the RH box and work on it without depriving your network users of their access to the Inet.
>>4. Assuming that a Linux box can be used like a Swiss Army knife, while "nifty", is as goofy as assuming that Windoz will -someday- be stable and reliable. In other words, for each task use the best solution and don't force an oval peg in a round hole. It may fit, but you'll expend unnecessary effort.
>>
>>The Linksys #BEFSR11 Router is rock-solid, very configurable, and inexpensive. It's been the best $80 I've spent on setups that are exactly like you are describing.
>>
>>I've converted 7 of my 8 installations to use this approach and it's a HUGE improvement. (And yes, I had two servers hacked because I didn't keep the distros and/or server software on the RH boxes updated.)
>>
>>Hope this helps.
>>
>>Mike
It is impossible to make programs idiot proof. Idiots are too clever.

MCP( Tcp/Ip )