Hans Witvliet said the following on 01/05/2009 01:37 PM:
I would suggest to use a small machine as a central point in your network, acting as firewall, mail-hub, nfs-server, backup-server, etc etc...
I would suggest two. It's simpler and safer not to mix the firewall with the other functions.

Go along to the Salvation Army or whatever your national or subnational thrift store is (Oxfam, Goodwill ...) and pick up an old machine for about $10. Add an extra network card and install IPCOP (or any one of a dozen others you might find at http://www.livecdlist.com/ ). It doesn't need to be powerful, it's only filtering packets. It doesn't need a monitor, these things are controlled via a HTTPS-link (*NOT* to port 80!) or SSH.

Things like IPCOP - which I'm using at the moment (and I didn't always and probably won't always, but it's there right now) can support DMZ and wireless zones and are very small and lightweight. I run IPCOP on a P1 with 64M of memory.

It's much safer *NOT* to put anything that you might want to protect on the firewall. Think of the firewall as a software fuse. You want a "deny all except that which is explicitly permitted" policy, and you want to be sure that if you make any mistakes things don't get past the firewall. The most common mistake is to have 'protected' information *ON* the firewall. Yes, I know it's tempting, all that computing power going spare ... That's why I recommend a low-end machine so you don't get tempted.

Of course in a commercial/industrial setting the situation is very different from the "family at home" one.

--
There cannot be a crisis next week. My schedule is already full.
Henry Kissinger
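The "deny all except that which is explicitly permitted" policy from the reply above, written out for a dedicated two-card filtering box. This is an added example, not part of the original post and not IPCOP's own configuration. The interface names, LAN subnet and HTTPS admin port are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for a box that only filters.
# All four values below are assumptions; adjust them to the real network.
LAN_IF="${LAN_IF:-eth0}"               # assumed inside (protected) interface
WAN_IF="${WAN_IF:-eth1}"               # assumed outside interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # constructed sample subnet
ADMIN_PORT="${ADMIN_PORT:-8443}"       # assumed HTTPS admin port (not 80)

gen_ruleset() {
    cat <<EOF
*filter
# Default deny: a forgotten or mistyped rule means traffic is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The box itself: loopback, replies, and admin from the LAN side only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $ADMIN_PORT -j ACCEPT
# Through traffic: the LAN may open connections, only replies come back.
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

# "Fuse" check: print every rule that accepts packets arriving on the outside
# interface without being limited to replies. Empty output means none exist.
wan_openings() {
    gen_ruleset | grep -- "-i $WAN_IF" | grep -- "-j ACCEPT" \
        | grep -v "ESTABLISHED" || true
}

# Print the ruleset only when asked, so the file can also be sourced.
if [ "${1:-}" = "--print" ]; then
    gen_ruleset
fi
```

Running the script with `--print` and piping the output to `iptables-restore --test` parses the ruleset without committing it.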