Keith Keller wrote:
> If you're looking to block from sources just for web browsing, you
> can set up an HTTP proxy like junkbuster or Apache. I don't know
> much about Apache's proxy service, but I know junkbuster can filter
> on wildcards. The traffic will still get past your router, but not
> past your proxy.

Junkbuster or an Apache mod would be tough to go to after being able to change the router filtering in less than ten seconds with a few mouse clicks. (Blackbox (X) gui, Mozilla browser.) Remember, Unix is supposed to be the ultimate in K.I.S.S. - No point in making easy things difficult.

> BTW, *ads* is a bit of overkill, dontcha think?

For a firewall that is slow and difficult to change, yes.... However, you'd be surprised how much junk has "ads" in the URL and how little good stuff contains it. I wouldn't recommend it for anything but a home system and I'm actually filtering on "ads." not "ads".

LittleJohn
Madison, AL
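
An added illustration, not part of the thread: the keyword filtering on "ads" versus "ads." discussed in the post above, run as plain substring matching over constructed URLs, next to a hypothetical stricter rule that compares whole hostname labels and path segments. The function names and sample URLs are assumptions made for the example, not the router's actual logic.

```python
from urllib.parse import urlsplit

# Constructed sample URLs (not taken from the thread).
SAMPLE_URLS = [
    "http://ads.example.net/banner.gif",
    "http://www.example.com/ads/popup.js",
    "http://downloads.example.org/slackware/slackware-9.0.iso",
    "http://www.example.com/uploads.html",
    "http://www.example.org/index.html",
]


def substring_blocked(url, keyword):
    """Keyword filter: block if the keyword occurs anywhere in the URL."""
    return keyword in url.lower()


def token_blocked(url, token):
    """Hypothetical stricter rule: block only when a whole hostname label
    or a whole path segment equals the token."""
    parts = urlsplit(url.lower())
    labels = (parts.hostname or "").split(".")
    segments = [s for s in parts.path.split("/") if s]
    return token in labels or token in segments


def compare(urls=SAMPLE_URLS):
    """Return the URLs each rule would block, keyed by rule."""
    return {
        "ads": [u for u in urls if substring_blocked(u, "ads")],
        "ads.": [u for u in urls if substring_blocked(u, "ads.")],
        "token": [u for u in urls if token_blocked(u, "ads")],
    }


if __name__ == "__main__":
    for rule, hits in compare().items():
        print(f"rule {rule!r} blocks {len(hits)} of {len(SAMPLE_URLS)}:")
        for url in hits:
            print("   ", url)
```

On these samples the substring rules also catch "downloads." and "uploads.", and "ads." misses the "/ads/" path, which is the over-blocking and under-blocking trade-off the two posters are arguing about.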

chello wrote:
> LittleJohn wrote:
>> Yes, but what I want is:
>> iptables --append INPUT --source *microsoft* --jump DROP
>> iptables --append INPUT --source *doubleclick* --jump DROP
>> iptables --append INPUT --source *ads* --jump DROP
>
> iptables --append INPUT --source 207.46.0.0/16 --jump DROP # microsoft
> iptables --append INPUT --source 216.73.0.0/16 --jump DROP # doubleclick
>
> is that more general?

Yes, but not general enough. I screen *everything* with MS in the URL, not just from one specific IP subnet. Same with doubleclick, 'ads.', and a long list of 'old favorites'. And I selectively drop filtering for a few seconds if I want to get something from a web page containing one of these verboten words.

Sorry, but I suspect you're beating a dead horse. It's rare that any general purpose solution can perform as well at anything as a hardware/software solution engineered to perform a specific task.

LittleJohn
Madison, AL

On Mon, 23 Jun 2003 14:51:04 -0700, RayzrShrp wrote:
> Currently I'm operating slack9 on a pentium 133 with 48 megs of RAM and
> a 20 gig hd. My question is which is better running slack9 with 2 nics
> as my firewall or just keeping the netgear router doing ip natting with
> port forwarding for my services. I realize with using slack with 2 nics
> I can control every single aspect of the firewall rules & do fun stuff
> like packet scanning into my network but are there any other pros? The
> router seems to be doing a good enough job and I guess I wonder which is
> going to be more secure in the long run.

I got a pentium 200 w/48MB of ram and a 420MB HD with two nics running slack 9 w/ custom 2.4.20 kernel. Before I used a D-Link Router and it did ok, but I wanted better security. So I set up a linux router and I noticed that everything seemed to be much faster. My download went from 2.5 Mbits to 3 Mbits.... my upload didn't change cause the cable modem limited it.

All in all I think you should go with a linux router and just use the netgear router as a switch (if you have it already). Most of these little features that most of these home routers have can be implemented in a linux box with just a little homework on your part. Something that Miss LittleJohn here didn't do. A word of advice... don't listen to LittleJohn, cause the "Make My Cock 3 inches Bigger" post is better reading than anything he can ever put out.

Anyways good luck.

Your Fellow Slacker,
Ezekiel

Ezekiel wrote:
> My download went from 2.5 Mbits
> to 3 Mbits.... my upload didn't change cause the cable modem limited it.

I think you'll find that the modem is the limiting factor in both directions. The maximum possible download speed of a cable modem is 2.8 Mbps and that's only under perfect conditions. A higher download rate through a linux box connected to a cable modem is an indication of improper test procedures. The average cable modem downloads at around 150 kBps with a T-1 running 188kBps. Mine runs 237 (on a good day) connected to Knology through a Motorola cable modem and that's exceedingly fast.

> All in all I think you should go with a linux router and just use the
> netgear router as a switch (if you have it already). Most of these little
> features that most of these home routers have can be implemented in a
> linux box with just a little homework on your part. Something that Miss
> LittleJohn here didn't do.

If you'd done your homework, you'd know that the Netgear router throughput speed from the WAN to LAN side, using NAT, is 6.0 to 7.2 Mbps. Therefore the router is *not* the bottleneck you imply.

> A word of advice... don't listen to LittleJohn,
> cause the "Make My Cock 3 inches Bigger" post is better reading than
> anything he can ever put out.

Very intelligent response. Did you think that up all by yourself? And another thing... Perhaps you would do better if you took your size problem to another forum. I don't think the people here really care. I know I don't.

LittleJohn
Madison, AL