[H-GEN] Smoothwall dialling problem

Paul Gearon pag at PISoftware.com
Wed Apr 23 20:24:27 EDT 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Sorry for my tardiness... I've been away from a computer over Easter...


On 16 Apr 2003, Jason Parker-Burlingham wrote:
> Hilton Travis <Hilton at QuarkAV.com> writes:
> > On Wed, 2003-04-16 at 10:29, Jason Parker-Burlingham wrote:
> > >  Really?  I'd consider sending syslog messages to another host on
> > > the inside of the network.
> > Aahhh - of course - most home users have a spare PC set up as a
> > logging server...
>
> Sarcasm aside, spare PCs are a dime a dozen.  A 486 can be had for a
> song if it doesn't need to come with a monitor, mouse, keyboard, or
> disk drive.  All you really need is a NIC and a floppy disk (or a
> CD-ROM drive if you like).

I can see why a home user wouldn't want to get YET ANOTHER computer up and
running, just for logging.  But why be concerned?  I can't imagine a user
of this type ever checking said logs anyway!  (Wasn't the original home
user in this story only running a single Windows PC to start with?)

However, if it really is a concern, then just run a syslogd on the Windows
PC.  I had no idea if one existed, but a 20 second search on tucows found
2 of them (1 freeware, 1 shareware).  If, however, your browsing PC is
running a Real Operating System (TM) then you'll have a syslogd anyway.
:-)

> > > > web cache...
> > >  A firewall running squid?
> > ... just like they have another spare PC to act as their web proxy.

I have to agree with Jason here.  If you want a firewall, then you want a
firewall.  You DON'T want a web proxy.

If you REALLY, REALLY need a web proxy, then just run it on a local
machine behind the firewall.  If you only have a single Windows PC and no
other machines, then run the proxy on that machine (a proxy shouldn't be
needed in this case, but I'll confess that most browsers seem to be really
bad at caching, so I can understand the desire for one).  There are probably
several Windows proxy caches on tucows, and Squid has a binary download
for Windows.

In other words, all the services that would require a writable file system
shouldn't be run on the firewall.  If they're really needed then run them
on your PC.  This has the added advantage that your firewall can be a
REALLY light and low powered box... maybe even without a fan.  (SnapGear
boxes et al. are a good example of this)

For someone who *insists* that they need various services running on the
firewall, and is willing to bear the security risks inherent in this
approach, then they are probably a good candidate for one of those
"firewall" software products which attempt to lock down services on
Windows boxes.  <shudder/>  They're better than nothing, and at least the
user wouldn't have to worry about a second computer cluttering up the
place.

Regards,
Paul Gearon

Software Engineer                Telephone:   +61 7 3876 2188
Plugged In Software              Fax:         +61 7 3876 4899
http://www.PIsoftware.com        PGP Key available via finger

Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum
immane mittam.
(Translation from Latin: "I have a catapult. Give me all the money,
or I will fling an enormous rock at your head.")



--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/


