Old 04-05-2010, 02:41 AM
Gene Heskett
 
Default recommend hardware firewall

On Sunday 04 April 2010, Michael Miles wrote:
>On 04/04/2010 12:32 PM, Dave Ihnat wrote:
>> On Sun, Apr 04, 2010 at 03:26:52PM -0400, Bill Davidsen wrote:
>>> I see no benefit to a hardware router vs. running Linux with the
>>> firewall configured.
>>
>> Well, yes, there is. Two different platforms, different firewalls, mean
>> that no single attack vector can be used on both of them.
>>
>> I wouldn't recommend the BEFSR41 line, though. Get a WRT54G/WRT54GL and
>> load either Tomato or DD-WRT. Much more capable than the native
>> firmware, and free to boot. (Or to run...joke...)
>>
>>> There are good, free, firewall packages you can run on a cheap machine.
>>
>> That's effectively what you're doing with the free firmware on
>> commercial firewalls, without the need to maintain another full OS and
>> usually in a very much smaller physical package.
>>
>> $0.02, YMMV, etc.
>>
>> Cheers,
>> --
>> Dave Ihnat
>> dihnat@dminet.com
>
>I have found that yes it is quite old
>
>I am about to flash the firmware to the latest befsr-v1.46.02_FW_code
>
>its a bin file and from what I understand under linux I am to use tftp
>to do this
>
>tftp 192.168.1.1
>mode binary
>put CODE.BIN
>
>
>
>
>I am just trying to figure it out before I go ahead
>
>Michael
>
Please check the serial number and version of your befsr-41 on their web
site before doing that, I understand that stuffing too new a FW into an
older one will brick it. I know of at least 3 versions of it.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)

The default Magic Word, "Abracadabra", actually is a corruption of the
Hebrew phrase "ha-Bracha dab'ra" which means "pronounce the blessing".
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 04-05-2010, 04:51 AM
Michael Miles
 
Default recommend hardware firewall

On 04/04/2010 07:41 PM, Gene Heskett wrote:
> On Sunday 04 April 2010, Michael Miles wrote:
>
>> On 04/04/2010 12:32 PM, Dave Ihnat wrote:
>>
>>> On Sun, Apr 04, 2010 at 03:26:52PM -0400, Bill Davidsen wrote:
>>>
>>>> I see no benefit to a hardware router vs. running Linux with the
>>>> firewall configured.
>>>>
>>> Well, yes, there is. Two different platforms, different firewalls, mean
>>> that no single attack vector can be used on both of them.
>>>
>>> I wouldn't recommend the BEFSR41 line, though. Get a WRT54G/WRT54GL and
>>> load either Tomato or DD-WRT. Much more capable than the native
>>> firmware, and free to boot. (Or to run...joke...)
>>>
>>>
>>>> There are good, free, firewall packages you can run on a cheap machine.
>>>>
>>> That's effectively what you're doing with the free firmware on
>>> commercial firewalls, without the need to maintain another full OS and
>>> usually in a very much smaller physical package.
>>>
>>> $0.02, YMMV, etc.
>>>
>>> Cheers,
>>> --
>>> Dave Ihnat
>>> dihnat@dminet.com
>>>
>> I have found that yes it is quite old
>>
>> I am about to flash the firmware to the latest befsr-v1.46.02_FW_code
>>
>> its a bin file and from what I understand under linux I am to use tftp
>> to do this
>>
>> tftp 192.168.1.1
>> mode binary
>> put CODE.BIN
>>
>>
>>
>>
>> I am just trying to figure it out before I go ahead
>>
>> Michael
>>
>>
> Please check the serial number and version of your befsr-41 on their web
> site before doing that, I understand that stuffing too new a FW into an
> older one will brick it. I know of at least 3 versions of it.
>
>
So I should step it up by flashing all sequential updates?


 
Old 04-05-2010, 05:01 AM
Gene Heskett
 
Default recommend hardware firewall

On Monday 05 April 2010, Michael Miles wrote:
>On 04/04/2010 07:41 PM, Gene Heskett wrote:
>> On Sunday 04 April 2010, Michael Miles wrote:
>>> On 04/04/2010 12:32 PM, Dave Ihnat wrote:
>>>> On Sun, Apr 04, 2010 at 03:26:52PM -0400, Bill Davidsen wrote:
>>>>> I see no benefit to a hardware router vs. running Linux with the
>>>>> firewall configured.
>>>>
>>>> Well, yes, there is. Two different platforms, different firewalls,
>>>> mean that no single attack vector can be used on both of them.
>>>>
>>>> I wouldn't recommend the BEFSR41 line, though. Get a WRT54G/WRT54GL
>>>> and load either Tomato or DD-WRT. Much more capable than the native
>>>> firmware, and free to boot. (Or to run...joke...)
>>>>
>>>>> There are good, free, firewall packages you can run on a cheap
>>>>> machine.
>>>>
>>>> That's effectively what you're doing with the free firmware on
>>>> commercial firewalls, without the need to maintain another full OS and
>>>> usually in a very much smaller physical package.
>>>>
>>>> $0.02, YMMV, etc.
>>>>
>>>> Cheers,
>>>> --
>>>> Dave Ihnat
>>>> dihnat@dminet.com
>>>
>>> I have found that yes it is quite old
>>>
>>> I am about to flash the firmware to the latest befsr-v1.46.02_FW_code
>>>
>>> its a bin file and from what I understand under linux I am to use tftp
>>> to do this
>>>
>>> tftp 192.168.1.1
>>> mode binary
>>> put CODE.BIN
>>>
>>>
>>>
>>>
>>> I am just trying to figure it out before I go ahead
>>>
>>> Michael
>>
>> Please check the serial number and version of your befsr-41 on their web
>> site before doing that, I understand that stuffing too new a FW into an
>> older one will brick it. I know of at least 3 versions of it.
>
>So I should step it up by flashing all sequential updates?
>
I have never done that myself. But there are warnings, or were, on the
linksys download site, saying you can't put a version 3 image in a version 2
unit. I wasn't trying to scare you, just make sure you did your homework.
;-) I have one of those units, but it hasn't been plugged in in a couple of
years as I switched to DD-WRT on a clapped out k6 box with everything non-
essential stripped. Not even a hard drive or a floppy. It boots from a cf
card on the end of an ide cable. I used gftp to update mine several times
though, it Just Worked(TM). And so far, no one I didn't give the password
to has gotten to it, or any of the machines behind it.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)

Mathematics deals exclusively with the relations of concepts
to each other without consideration of their relation to experience.
-- Albert Einstein
 
Old 04-05-2010, 06:25 AM
Michael Miles
 
Default recommend hardware firewall

On 04/04/2010 10:01 PM, Gene Heskett wrote:
> On Monday 05 April 2010, Michael Miles wrote:
>
>> On 04/04/2010 07:41 PM, Gene Heskett wrote:
>>
>>> On Sunday 04 April 2010, Michael Miles wrote:
>>>
>>>> On 04/04/2010 12:32 PM, Dave Ihnat wrote:
>>>>
>>>>> On Sun, Apr 04, 2010 at 03:26:52PM -0400, Bill Davidsen wrote:
>>>>>
>>>>>> I see no benefit to a hardware router vs. running Linux with the
>>>>>> firewall configured.
>>>>>>
>>>>> Well, yes, there is. Two different platforms, different firewalls,
>>>>> mean that no single attack vector can be used on both of them.
>>>>>
>>>>> I wouldn't recommend the BEFSR41 line, though. Get a WRT54G/WRT54GL
>>>>> and load either Tomato or DD-WRT. Much more capable than the native
>>>>> firmware, and free to boot. (Or to run...joke...)
>>>>>
>>>>>
>>>>>> There are good, free, firewall packages you can run on a cheap
>>>>>> machine.
>>>>>>
>>>>> That's effectively what you're doing with the free firmware on
>>>>> commercial firewalls, without the need to maintain another full OS and
>>>>> usually in a very much smaller physical package.
>>>>>
>>>>> $0.02, YMMV, etc.
>>>>>
>>>>> Cheers,
>>>>> --
>>>>> Dave Ihnat
>>>>> dihnat@dminet.com
>>>>>
>>>> I have found that yes it is quite old
>>>>
>>>> I am about to flash the firmware to the latest befsr-v1.46.02_FW_code
>>>>
>>>> its a bin file and from what I understand under linux I am to use tftp
>>>> to do this
>>>>
>>>> tftp 192.168.1.1
>>>> mode binary
>>>> put CODE.BIN
>>>>
>>>>
>>>>
>>>>
>>>> I am just trying to figure it out before I go ahead
>>>>
>>>> Michael
>>>>
>>> Please check the serial number and version of your befsr-41 on their web
>>> site before doing that, I understand that stuffing too new a FW into an
>>> older one will brick it. I know of at least 3 versions of it.
>>>
>> So I should step it up by flashing all sequential updates?
>>
>>
> I have never done that myself. But there are warnings, or were, on the
> linksys download site, saying you can't put a version 3 image in a version 2
> unit. I wasn't trying to scare you, just make sure you did your homework.
> ;-) I have one of those units, but it hasn't been plugged in in a couple of
> years as I switched to DD-WRT on a clapped out k6 box with everything non-
> essential stripped. Not even a hard drive or a floppy. It boots from a cf
> card on the end of an ide cable. I used gftp to update mine several times
> though, it Just Worked(TM). And so far, no one I didn't give the password
> to has gotten to it, or any of the machines behind it.
>
>
I do have the right version 2 flashfiles
The current version installed is 2 versions from the most recent
So I have looked and yes there is a problem
I flash the next in line then reset router
Do it again and again until I get to the final firmware

At least then some of the bugs I have been experiencing can get resolved

I know I should get a better router but my $$$ usually goes to other
computer endeavours like a new nvidia 295 x 2
I can hardly wait





 
Old 04-05-2010, 07:03 AM
Tim
 
Default recommend hardware firewall

On Sun, 2010-04-04 at 10:22 -0700, Michael Miles wrote:
> Is it better to run firewall through fedora 12 or through router or both

A firewall at the router can stop things at the boundary, but depending
on how it's implemented, may not stop things between clients within your
LAN. That's probably not an issue at home, but would be at a more
public LAN (school, office, cafe, etc.).

Stopping unwanted traffic as close to the ISP side of your network as
possible may be desirable.

> Not having any problems just curious about protection strength

How long is a piece of string?

Well, when one thing stopping something has actually stopped it, the
second firewall is redundant. But if one hasn't stopped something, the
other may. But complex rules may interact between firewalls, and stop
something you hadn't intended to.

What's probably a more important question is: Do you know how to
configure good firewall rules?

--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.



 
Old 04-05-2010, 01:59 PM
Gene Heskett
 
Default recommend hardware firewall

On Monday 05 April 2010, Michael Miles wrote:
>On 04/04/2010 10:01 PM, Gene Heskett wrote:
>> On Monday 05 April 2010, Michael Miles wrote:
>>> On 04/04/2010 07:41 PM, Gene Heskett wrote:
>>>> On Sunday 04 April 2010, Michael Miles wrote:
>>>>> On 04/04/2010 12:32 PM, Dave Ihnat wrote:
>>>>>> On Sun, Apr 04, 2010 at 03:26:52PM -0400, Bill Davidsen wrote:
>>>>>>> I see no benefit to a hardware router vs. running Linux with the
>>>>>>> firewall configured.
>>>>>>
>>>>>> Well, yes, there is. Two different platforms, different firewalls,
>>>>>> mean that no single attack vector can be used on both of them.
>>>>>>
>>>>>> I wouldn't recommend the BEFSR41 line, though. Get a WRT54G/WRT54GL
>>>>>> and load either Tomato or DD-WRT. Much more capable than the native
>>>>>> firmware, and free to boot. (Or to run...joke...)
>>>>>>
>>>>>>> There are good, free, firewall packages you can run on a cheap
>>>>>>> machine.
>>>>>>
>>>>>> That's effectively what you're doing with the free firmware on
>>>>>> commercial firewalls, without the need to maintain another full OS
>>>>>> and usually in a very much smaller physical package.
>>>>>>
>>>>>> $0.02, YMMV, etc.
>>>>>>
>>>>>> Cheers,
>>>>>> --
>>>>>> Dave Ihnat
>>>>>> dihnat@dminet.com
>>>>>
>>>>> I have found that yes it is quite old
>>>>>
>>>>> I am about to flash the firmware to the latest befsr-v1.46.02_FW_code
>>>>>
>>>>> its a bin file and from what I understand under linux I am to use
>>>>> tftp to do this
>>>>>
>>>>> tftp 192.168.1.1
>>>>> mode binary
>>>>> put CODE.BIN
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> I am just trying to figure it out before I go ahead
>>>>>
>>>>> Michael
>>>>
>>>> Please check the serial number and version of your befsr-41 on their
>>>> web site before doing that, I understand that stuffing too new a FW
>>>> into an older one will brick it. I know of at least 3 versions of it.
>>>
>>> So I should step it up by flashing all sequential updates?
>>
>> I have never done that myself. But there are warnings, or were, on the
>> linksys download site, saying you can't put a version 3 image in a
>> version 2 unit. I wasn't trying to scare you, just make sure you did
>> your homework. ;-) I have one of those units, but it hasn't been
>> plugged in in a couple of years as I switched to DD-WRT on a clapped out
>> k6 box with everything non- essential stripped. Not even a hard drive
>> or a floppy. It boots from a cf card on the end of an ide cable. I
>> used gftp to update mine several times though, it Just Worked(TM). And
>> so far, no one I didn't give the password to has gotten to it, or any of
>> the machines behind it.
>
>I do have the right version 2 flashfiles
>The current version installed is 2 versions from the most recent
>So I have looked and yes there is a problem
>I flash the next in line then reset router
>Do it again and again until I get to the final firmware
>
>At least then some of the bugs I have been experiencing can get resolved
>
>I know I should get a better router but my $$$ usually goes to other
>computer endeavours like a new nvidia 295 x 2
>I can hardly wait
>
AFAIK, there isn't anything major wrong with the befsr-41 unless it runs out
of bandwidth on a really fast circuit. I never had anyone get past it but
IIRC its length of password is a little short. Root here has a 20+
character password, and I couldn't set one more than 8 chars long in it
IIRC.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)

All true wisdom is found on T-shirts.
 
Old 04-05-2010, 04:16 PM
Michael Miles
 
Default recommend hardware firewall

On 04/05/2010 12:03 AM, Tim wrote:
> On Sun, 2010-04-04 at 10:22 -0700, Michael Miles wrote:
>
>> Is it better to run firewall through fedora 12 or through router or both
>>
> A firewall at the router can stop things at the boundary, but depending
> on how it's implemented, may not stop things between clients within your
> LAN. That's probably not an issue at home, but would be at a more
> public LAN (school, office, cafe, etc.).
>
> Stopping unwanted traffic as close to the ISP side of your network as
> possible may be desirable.
>
>
>> Not having any problems just curious about protection strength
>>
> How long is a piece of string?
>
> Well, when one thing stopping something has actually stopped it, the
> second firewall is redundant. But if one hasn't stopped something, the
> other may. But complex rules may interact between firewalls, and stop
> something you hadn't intended to.
>
> What's probably a more important question is: Do you know how to
> configure good firewall rules?
>
>
I'm not too bad with firewalls but I am used to more detailed firewall
software.
I just came from the hell they call Win 7 and I was using Bitdefender
for the last couple of years.
I'm just using the firewall that comes with Fedora 12, is there better
firewall software out there?

 
Old 04-05-2010, 04:34 PM
Mikkel
 
Default recommend hardware firewall

On 04/05/2010 11:16 AM, Michael Miles wrote:
> I'm not too bad with firewalls but I am used to more detailed firewall
> software.
> I just came from the hell they call Win 7 and I was using Bitdefender
> for the last couple of years.
> I'm just using the firewall that comes with Fedora 12, is there better
> firewall software out there.
>
Not for the actual firewall, but there are different front-ends for
configuring it. You can pick the one that works best for you, or
write your own firewall rules by hand.

The actual firewall is part of the kernel. What the firewall
software does is help you configure that firewall. When I played
with Windows, the firewall was an add-on - kind of an afterthought.
I don't know if this is still true.

Mikkel
--

Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

 
Old 04-05-2010, 04:51 PM
Michael Miles
 
Default recommend hardware firewall

On 04/05/2010 09:34 AM, Mikkel wrote:
> On 04/05/2010 11:16 AM, Michael Miles wrote:
>
>> I'm not too bad with firewalls but I am used to more detailed firewall
>> software.
>> I just came from the hell they call Win 7 and I was using Bitdefender
>> for the last couple of years.
>> I'm just using the firewall that comes with Fedora 12, is there better
>> firewall software out there.
>>
>>
> Not for the actual firewall, but there are different front-ends for
> configuring it. You can pick the one that works best for you, or
> write your own firewall rules by hand.
>
> The actual firewall is part of the kernel. What the firewall
> software does is help you configure that firewall. When I played
> with Windows, the firewall was an add-on - kind of an afterthought.
> I don't know if this is still true.
>
> Mikkel
>
It is all add on with windows

I tell you my 4 core Phenom II 945 has more than doubled speed going
from Win 7 x64 to Fedora 12.

These front ends for the firewall in Fedora. Is there one in particular
that you use?

Michael
 
Old 04-05-2010, 05:00 PM
Bruno Wolff III
 
Default recommend hardware firewall

On Mon, Apr 05, 2010 at 09:16:20 -0700,
Michael Miles <mmamiga6@gmail.com> wrote:
> I'm just using the firewall that comes with Fedora 12, is there better
> firewall software out there.

That depends on what you are looking for.

iptables has limited deep packet inspection features. It is also only
maintaining a small amount of state. For some more extensive requirements
that might not be good enough.

Also as mentioned in another reply, having front ends that build the low
level rules can be useful. They also typically prevent you from making
rookie mistakes (such as blocking all icmp packets) that might cause odd
problems that are hard to figure out.

Another feature that is related, is doing traffic control. If you have a
router running openwrt (or something similar) you can do traffic control
for your home network. It doesn't work well to try this on each machine,
since each machine doesn't have the big picture. This is useful for providing
lower latency for some traffic despite large transfers going on. Also if
some machines should get better service than others on your network, you
can use traffic control to implement that.

The Linux Advanced Routing and Traffic Control document is a good starting
place. It is dated, but still useful. tc has gotten some additional features
and ifb is supposed to be replacing imq (though openwrt just provides imq
currently unless you build your own image) since that document was written.
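
Added example, not part of the thread or of any poster's message: a small Python audit for the "rookie mistake" mentioned in the post above (blocking all ICMP), run over constructed rulesets in `iptables-save` format. The function names, severity labels and sample rules are assumptions made for this illustration; a blanket ICMP drop is rated high when no earlier rule accepts RELATED traffic, because it then also discards the ICMP error messages that path MTU discovery depends on.

```python
import shlex

# Options this audit reads; all other matches (ports, limits, ...) are ignored.
OPTS = {"-p": "proto", "--icmp-type": "icmp_type", "--state": "states",
        "--ctstate": "states", "-j": "target",
        "-i": "scope", "-s": "scope", "-d": "scope"}

# Constructed iptables-save samples (illustrative, not taken from the thread).
BROKEN = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p icmp -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
SAFER = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_rule(line):
    """Parse one '-A CHAIN ...' line of iptables-save output into a dict."""
    tokens = shlex.split(line)
    rule = dict.fromkeys(set(OPTS.values()), "")
    rule.update(chain=tokens[1], negated=False)
    for prev, tok, nxt in zip([""] + tokens, tokens, tokens[1:] + [""]):
        if tok in OPTS:
            rule[OPTS[tok]] = nxt
            rule["negated"] = rule["negated"] or prev == "!"
    return rule

def audit_icmp(ruleset, chains=("INPUT", "FORWARD")):
    """Return (chain, severity, rule) for each rule dropping every ICMP type."""
    findings = []
    related_ok = dict.fromkeys(chains, False)  # RELATED accepted earlier?
    for line in ruleset.splitlines():
        if not line.startswith("-A "):
            continue  # table name, chain policies, COMMIT
        r = parse_rule(line)
        if r["chain"] not in chains or r["negated"]:
            continue  # rules with a negated match are skipped, not analysed
        states = r["states"].split(",")
        if (r["target"] == "ACCEPT" and "RELATED" in states
                and r["proto"] in ("", "icmp") and not r["scope"]):
            # conntrack marks ICMP errors for known flows as RELATED
            related_ok[r["chain"]] = True
        elif (r["proto"] == "icmp" and not r["icmp_type"]
                and r["target"] in ("DROP", "REJECT")):
            hits_errors = not r["states"] or "RELATED" in states
            sev = "high" if hits_errors and not related_ok[r["chain"]] else "low"
            findings.append((r["chain"], sev, line))
    return findings

if __name__ == "__main__":
    for name, rules in (("BROKEN", BROKEN), ("SAFER", SAFER)):
        print(name, audit_icmp(rules))
```

On a live system the input would be the output of `iptables-save`, which needs root privileges to read the kernel's rule tables.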
 
