View Poll Results: Which is more secure?
nat router - e.g. linksys: 3 votes (42.86%)
P133 with firewall type distro: 4 votes (57.14%)
Both are equal: 0 votes (0%)

#1 | 02-04-2005, 08:32 PM
Member | Registered: Nov 2003 | Location: Texas, USA | Distribution: Ubuntu 7.04 | Posts: 44
nat vs linux distro router for security
Which is more secure:
A nat router or a linux distro on an old pc with a firewall?
Currently I am using a Linksys router but I was wondering if turning
an old P133 into a firewall/router would be more secure.
Or are they about the same depending on configuration?

#2 | 02-04-2005, 10:30 PM
Member | Registered: Oct 2003 | Location: Planet Earth | Distribution: Slackware, LFS | Posts: 561
I'd say for the average user a store bought router is perfectly fine and more secure for 1 simple reason. The average user will not and/or does not take the time to really learn to use tools like iptables. As a result of that they are more prone to unknowingly opening/leaving holes in the firewall. That said, for those that desire to learn to use, or are well versed in it already, iptables and the other software involved, custom building your own router gives you a lot more control and the ability to do things the average store bought router can not do. You can also stay on top of any security related updates, whereas you generally need to wait on the router manufacturer to provide you with new firmware when using a store bought router.
So it really just depends. If you want to set up a router without that much trouble and forget it, I'd go with the store bought variety. But if you wish to dig deeper and tweak your firewall to your liking, then build your own.

#3 | 02-05-2005, 12:14 AM
Senior Member | Registered: Mar 2003 | Distribution: Fedora | Posts: 3,658
Re: nat vs linux distro router for security
Quote:
Originally posted by morphodone
Which is more secure:
A nat router or a linux distro on an old pc with a firewall?
Currently I am using a Linksys router but I was wondering if turning
an old P133 into a firewall/router would be more secure.
Or are they about the same depending on configuration?

If you perform a minimal install on the PC and don't install any daemons or added software, then you will be running more or less the same thing, as the majority of Linksys routers actually run Linux (see the "open source info" of their website). While the Linksys router is likely more optimized for firewalling/nat'ing and a little more "plug-and-play", it's also less flexible and configurable than a PC-based firewall, so you are kind of limited in a number of areas like logging capabilities, interface, adding on other security apps like snort, etc.

#4 | 02-05-2005, 12:33 AM
Member | Registered: Nov 2003 | Location: Texas, USA | Distribution: Ubuntu 7.04 | Posts: 44 | Original Poster
Thanks for the replies,
it sounds like Linksys routers aren't such a bad thing then
I am beginning to think I am not knowledgeable enough to set up
a firewall/router on an old pc and be sure it's secure
so I think I'll stick with the Linksys for now...
thanks again

#5 | 02-05-2005, 09:47 PM
Member | Registered: Feb 2004 | Location: Ohio, USA | Distribution: Arch Linux | Posts: 464
If you have time and some old equipment, building your own can be
fun and a learning experience.
Some time ago I bought a p166 machine with a nic in it for $20US.
I put another old nic in it, removed the cdrom and harddrive, and boot
"FloppyFW" from a write protected floppy.
It took me a couple of days to get it configured to my liking but so far
so good!
http://www.zelow.no/floppyfw/index.html

#6 | 02-05-2005, 10:50 PM
Member | Registered: Mar 2004 | Location: Berlinsville | Distribution: Slackware/Fedora | Posts: 103
I recently made a router/firewall for my server to replace a Linksys router, and I feel more secure using my Linux router instead of some Linksys router.
My router's specs:
IBM PC 300 PL
Processor: P2 350 MHz
Memory: 64MB RAM with 512 MB swap
Hdd: 4 GB
CDROM drive?: Yes
It took me a while to get port forwarding to work, but in the end, it felt good because I just feel more secure behind it (and my internet tends to run faster at times). The router runs Slackware 10, and is part of my openmosix cluster. I installed everything that I would need to run in a shell mode, since I had the hdd space available.
So, if you got some old stuff lying around, learn iptables, and make a router just for the fun of it, even though mine was made for a full-time.
-Jim

#7 | 02-06-2005, 01:50 PM
Member | Registered: Feb 2003 | Location: 1st hop-NYC/NewJersey shore,north....2nd hop-upstate....3rd hop-texas...4th hop-southdakota(sturgis)...5th hop-san diego.....6th hop-atlantic ocean! Final hop-resting in dreamland dreamwalking and meeting new people from past lives...gd' night. | Distribution: Siduction, the only way to do Debian Unstable | Posts: 506
I use ipcop on an ol Cyrix ...works beautifully and has lots of addons.
Also updates when needed security patches are out....and has a backup to disk/hard drive function.

#8 | 02-06-2005, 05:12 PM
Member | Registered: Oct 2003 | Location: ITALY | Distribution: Debian, Ubuntu, Fedora | Posts: 137
My opinion is it all depends on how hard you'd be going to code your firewall in the linux distro and what your requirements are.
As I always say, the more the configuration is user-friendly, the more the primitives are complicated and consequentially they contain errors; also, the more the primitives are complicated, the more you have to reach a compromise.
Linksys are good products after all and quite speedy, but you can't expect all the configurability you can get from a linux router.
The best solution to this question would be Cisco Systems routers which are greatly configurable and damn fast, but, man, I'd feel sad for your wallet!
Last edited by TheIrish; 02-06-2005 at 05:14 PM.

#9 | 02-09-2005, 03:35 PM
Senior Member | Registered: Nov 2004 | Location: Third rock from the Sun | Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1 | Posts: 1,197
Quote:
Originally posted by JCdude2525
It took me a while to get port forwarding to work, but in the end, it felt good because I just feel more secure behind it (and my internet tends to run faster at times). The router runs Slackware 10, and is part of my openmosix cluster. I installed everything that I would need to run in a shell mode, since I had the hdd space available.

I can't help but comment on this -- the fact that you're able to log into your firewall (I assume from the network) and that it has the stuff to support a user environment on it means that you should feel less secure behind it than you did behind your linksys, not more.

#10 | 02-09-2005, 04:12 PM
Senior Member | Registered: Nov 2002 | Location: British Columbia, Canada | Distribution: Gentoo x86_64; FreeBSD; OS X | Posts: 3,764
I run my own Linux firewall because it affords you near universal customization abilities you just don't get with a firewall appliance. For instance, I wrote a Perl script which parses my Exim and Apache logs and grabs the IP address of zombie boxes and spam relay attempts and blacklists them on the fly. Since implementing this my logs have way less nuisance entries, since a lot of these attempts are repeats.
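
The log-driven blacklisting described in the post above, sketched as an added example (it is not the poster's Perl script, which is not shown in the thread). It assumes Apache common-format access lines and Exim "relay not permitted" rejections; the threshold, the allowlist, the function names and the sample log lines are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log text (documentation/private address ranges), not real traffic.
APACHE_LOG = (
    '203.0.113.7 - - [09/Feb/2005:15:01:10 -0800] "GET /probe HTTP/1.0" 404 283\n' * 3
    + '198.51.100.20 - - [09/Feb/2005:15:02:05 -0800] "GET /favicon.ico HTTP/1.1" 404 209\n'
    + '198.51.100.20 - - [09/Feb/2005:15:02:06 -0800] "GET / HTTP/1.1" 200 5120\n'
    + '192.168.1.10 - - [09/Feb/2005:15:03:00 -0800] "GET /typo HTTP/1.1" 404 209\n' * 3
)
EXIM_LOG = (
    "2005-02-09 15:04:01 H=(mx.example.net) [192.0.2.44] F=<a@example.net> "
    "rejected RCPT <b@example.org>: relay not permitted\n" * 3
)

APACHE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')
EXIM_RE = re.compile(r"\[([0-9a-fA-F.:]+)\].* rejected RCPT .*: relay not permitted")
# Assumed allowlist: never block the LAN or loopback, even if a host there misbehaves.
ALLOW = [ipaddress.ip_network("192.168.0.0/16"), ipaddress.ip_network("127.0.0.0/8")]


def offenders(apache_text, exim_text, threshold=3, allow=ALLOW):
    """Return sorted IPs with at least `threshold` nuisance events in the logs."""
    hits = Counter()
    for line in apache_text.splitlines():
        m = APACHE_RE.match(line)
        if m and m.group(2).startswith("4"):  # count client-error responses only
            hits[m.group(1)] += 1
    for line in exim_text.splitlines():
        m = EXIM_RE.search(line)
        if m:
            hits[m.group(1)] += 1
    blocked = []
    for ip, count in hits.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # hostname or garbage in the log field: never pass it to a rule
        if count >= threshold and not any(addr in net for net in allow):
            blocked.append(str(addr))
    return sorted(blocked)


def iptables_rules(ips):
    """Render DROP rules as text for review; nothing is executed here."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]
```

The threshold keeps a single mistyped URL from blocking a legitimate visitor, and the allowlist keeps the script from locking the administrator out of the firewall.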

#11 | 02-09-2005, 06:55 PM
Senior Member | Registered: Nov 2004 | Location: Third rock from the Sun | Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1 | Posts: 1,197
A firewall that runs a webserver is neither.

#12 | 02-09-2005, 07:57 PM
Senior Member | Registered: Nov 2002 | Location: British Columbia, Canada | Distribution: Gentoo x86_64; FreeBSD; OS X | Posts: 3,764
Quote:
A firewall that runs a webserver is neither.

I can assure you I have both.
I suppose there are arguments for and against this sort of thing, but I can state that in my situation running two separate boxes would be silly. Besides, I am more than confident in the security of my network. I closely monitor security lists and I am quick with the patches when necessary. I've been running my firewall/busybox for two and a half years now without incident, so I see no need to spread the work over two boxes and make my job that much harder.

All times are GMT -5.