Mailinglist Archive: opensuse (2343 mails)

< Previous Next >
Re: [opensuse] NFS client/server problems when an NFS server is offline
  • From: Anton Aylward <anton.aylward@xxxxxxxxxx>
  • Date: Mon, 05 Jan 2009 14:00:42 -0500
  • Message-id: <496258DA.10506@xxxxxxxxxx>
Hans Witvliet said the following on 01/05/2009 01:37 PM:

I would suggest to use an small machine as a central point in in your
network, acting as firewall, mail-hub, nfs-server, backup-server, etc
etc...

I would suggest two.
Its simpler and safer not to mix the firewall with the other functions.
Go along to the Salvation Army or whatever your national or subnational
thrift store is (Oxfam, Goodwill ...) and pick up a old machine for
about $10. Add a extra network card and install IPCOP (or any one of a
dozen others you might find at http://www.livecdlist.com/ ). it doesn't
need to be powerful, its only filtering packets. It doesn't need a
monitor, these things are controlled via a HTTPS-link (*NOT* to port
80!) or SSH.

Things like IPCOP - which I'm using at the moment (and I didn't always
and probably won't always, but its there right now) can support DMZ and
wireless zones and are very small and lightweight. I run IPCOP on a P1
with 64M of memory.

Its much safer *NOT* to put anything that you might want to protect on
the firewall. Think of the firewall as a software fuse. You want a
"deny all except that which is explicitly permitted" policy, and you
want to be sure that if you make any mistakes things don't get past the
firewall. The most common mistake is to have 'protected' information
*ON* the firewall. Yes, I know its tempting, all that computing power
going spare ... That's why I recommend a low-end machine so you don't
get tempted.

Of course in a commercial/industrial setting the situation is very
different from the "family at home" one.

--
There cannot be a crisis next week. My schedule is already full.
Henry Kissinger
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >