Dave Howorth wrote:
I've been thinking about security a bit. Most of my home security depends on my ADSL router and especially on the NAT it provides. Now I could try to harden every machine on my network, which I admit would be best practice, but (a) I'm lazy and (b) I've got little control over some of the devices on the network. So I've been wondering about putting another dedicated machine in between my router and my network to make it harder to penetrate. My router also provides my WAN, FWIW.
Is this at all sane? Would openSUSE make a good basis for the machine? What software would I need to run on it? What hardware power would I need?
I do this here. I do have a router that does SIP(*) and would do WLAN and so on, but I decided to put a machine inbetween that will do DHCP and NAT, firewall everything, and also use that for providing WLAN so I also have that under my control. The latter was the most complicated - it involved bridging ethernet and wireless together so dhcpd works seamless, and setting up hostapd. It is running openSUSE - still LEAP 42.3, so it will need (quite some?) work on the firewall side if/when I update/migrate that. (*)that phone thing is the only reason I keep the 'modem'. The real router is actually in the cellar (fiber connection), but the phone company doesn't allow using other programs for the phone line, so it has to stay in the loop :( I'm running that on a dual core celeron Shuttle, though for only that it might even be overpowered. But once you have it available - it also is print server and NAS for the video and audio collection and my private git repo host. The only thing you should look for IMHO is 2 ethernet ports and maybe an easy connection of an external antenna for WiFi. If it would really only be firewalling you might even use a Pi - there's specialized distributions for it. The network throughput is lower, though. If you have an external Gbit line I'd not do that. openSUSE also has the Pi port, so you can use it there, too, if you feel more comfortable using something known (I do...) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org