Very Computer

I've recently been having numerous stability problems with dhcpcd, and since
the price of the Linksys routers have come down significantly since the last
time I looked... I'm about ready to give inand pay the $170 for one.

However, I'd like to make sure that it will not render some of my
connectivity useless.  I still plan to have my Linux box act as a file
server (downloads weather data automatically, serves it to all computers on
the network via Samba, FTP, etc), and I'd still like to be able to remotely
connect to the Linux box.  Will this be a problem with the router??
Currently, I have 2 windows machines and a hybrid (Linux and Windows)
workstation behind a Debian server/firewall which has IPMASQ installed and
running.  If I were "off network" and tried to connect to any of the
computers behind the IPMASQed machine (via ssh or telnet, ftp, etc) I
couldn't do it.  With my Debian server behind the router, would the same
hold true?  I called Linksys and talked to a sales rep (not sure how much he
really knew), but he did say I could setup the Linksys router's firewall to
allow connection to a computer on the network through a specific set port.
It is extremely important that I can still connect to the file server
remotely via ssh and ftp.  Is there anyone out there who has used the
Linksys routers that can tell me if this will work?

Thanks much,

Mike

Shouldn't effect a thing all the INTERNAL connections you made
before should remain unnaffected the only thing that changes is
the connections to the outside world.

I actually endorse using this thing as long as you don't need the
power or flexability of the Linux ipchains firewall or IP
Masqing. You may run into a funny app that needs some special
port handling which the Linksys may not do very well.

It is a cheap effecient and low cost way to seperate your
firewall from your internal servers (which increases your
secirity somewhat).  I am hard pressed to justify the expense and
power consumtion of a second PC to do this for home use or very
small office.

The Linksys can act as a DHCP server, handles PPPoE (may require
a software upgrade) and does NAT quite well.  It even incluse
it's own builtin 4 port hub. A cool deal.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I am in no way associated with or endorse the following spam
from Keen.com
.

-----------------------------------------------------------

Got questions?  Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com

I agree with you totally.

Got rid of the old Linux firewall/router box last year for the same
reasons.

Regardless of brand, or location. Hardware stand along
router/switch/with/IP-packing/portforewarding is the BEST way to go. For
added security. Install portsentry on each box.

Home or office. Actually, especially at home, if you don't like constant
nagging noise.
I even put all my computers inside a closet, just run everything through
two monitors , one tiny keyboard and a Wacom digitizing tablet thru a
KVM. Can't stand the noise.

With the hardware standalong router/switch. Just plug all your RJ45
cables in, fire up your browser. And you're done in 10 minutes.

VERY little heat, no annoying fan/hard drive noises, takes very little
space.
All for under $100 to mid $200. for SOHO models. Make MUCH more sense to
spend $50. on an old clunker, $50 for more RAM. $40-50 for 2 NICs,
amight even need a bigger HDD, plus, after all your spendings, and
setting it up. The old clunker might still dies on you anytime. If not,
more heat, and the very annoying fan/hard drive noise... if you have
more than 2 computers going, the noise is unbearable.

Just let them rag writers hype all about it, or they'll soon run out of
things to write.
I'm so tired of reading how to set up a firewall with an old clunker
with Linux.

It's getting too old and tired already. Especially the price of most
hardware are so cheap.

-Alex / blowfish

 [original post is likely clipped to save bandwidth]

Quote:>I've recently been having numerous stability problems with dhcpcd, and since
>the price of the Linksys routers have come down significantly since the last
>time I looked... I'm about ready to give inand pay the $170 for one.

I agree with everybody else - mine works fine. Just be sure and use FW V1.22
or 1.30.5. Everything in between has bugs.

gerry
.......

NO_SPAM added to my email address to confuse robots

Quote:> Shouldn't effect a thing all the INTERNAL connections you made
> before should remain unnaffected the only thing that changes is
> the connections to the outside world.

> I actually endorse using this thing as long as you don't need the
> power or flexability of the Linux ipchains firewall or IP
> Masqing. You may run into a funny app that needs some special
> port handling which the Linksys may not do very well.

From a remote standpoint, I'll only need shell access and FTP access just to
occasionally transfer files, write and implement new scripts, etc.  As long
as I can telnet/ssh *through* the router and into the Debian box I'll be
happy.  I know it's not possible to telnet into an "IP MASQed" machine
behind a  linux firewall, but the sales rep seemed to indicate it was
possible with the Linksys router.

Example setup:

cable modem-------> Linksys router (24.x.x.x)
                                   |
                                   |
               |-------------------|-----------------|
               |                   |                 |
           win98-a        win98-b           ------------|
         192.168.0.1    192.168.0.2                 |
                                                              Debian Linux
                                                              192.168.0.3

Is it possible to do an ssh remotely into 24.x.x.x and somehow have the
Linksys router allow me to access the Debian Linux box on the 192.168.x.x IP
Address?

Thanks again
-Mike

Unrot13 this;

Gene Heskett sends Greetings to Mike Hardiman;

Quote:>> Shouldn't effect a thing all the INTERNAL connections you made
>> before should remain unnaffected the only thing that changes is the
>> connections to the outside world.

>> I actually endorse using this thing as long as you don't need the
>> power or flexability of the Linux ipchains firewall or IP Masqing.
>> You may run into a funny app that needs some special port handling
>> which the Linksys may not do very well.

 MH> From a remote standpoint, I'll only need shell access and FTP
 MH> access just to occasionally transfer files, write and implement
 MH> new scripts, etc.  As long as I can telnet/ssh *through* the
 MH> router and into the Debian box I'll be happy.  I know it's not
 MH> possible to telnet into an "IP MASQed" machine behind a  linux
 MH> firewall, but the sales rep seemed to indicate it was possible
 MH> with the Linksys router.

 MH> Example setup:

 MH> cable modem-------> Linksys router (24.x.x.x)
 MH>                                    |
 MH>                                    |
 MH>                |-------------------|-----------------|
 MH>                |                   |                 |
 MH>            win98-a        win98-b           ------------|
 MH>          192.168.0.1    192.168.0.2                 |
 MH>                                                              Debi
 MH>                                                              an
 MH>                                                              Linu
 MH>                                                              x
 MH>                                                              192.
 MH>                                                              168.
 MH>                                                              0.3

 MH> Is it possible to do an ssh remotely into 24.x.x.x and somehow
 MH> have the Linksys router allow me to access the Debian Linux box
 MH> on the 192.168.x.x IP Address?

I would sincerely hope not!  And if you can, I'd sure get rid of the
linksys before the whole network becomes a playground for somebody with a
rootkit.  How I'd get rid of it is by demanding my money back!

The whole idea of that whole class B address block is that it is
unconditionally private to the outside world.

Note that it is possible to make one eth0 interface do a self duplicate
however, by giving it a second alias or something with a valid 24.x.x.x
address.  This is also a security hole big enough to drive a truck
through, and should only be brought up and functional when you need it.
I did have such a settup on my office machine for a few hours a year
ago, but now the 'internal' alias has been shut down as it exposes our
whole system to hackers.

Cheers, Gene
--

        email gene underscore heskett at iolinc dot net
ISP's please take note: My spam control policy is explicit!
#Any Class C address# involved in spamming me is added to my killfile
never to be seen again.  Message will be summarily deleted without dl.
This messages reply content, but not any previously quoted material, is
? 2000 by Gene Heskett, all rights reserved.
--

Mike,

Try going to the Linksys site and read up on the "port forwarding"
capability of the router - I think this will do what you're looking for.
BTW, BUYCOMP.COM has the router for $158.95 :
http://www.us.buy.com/comp/product.asp?Sku=10235958

Joe

Quote:> I've recently been having numerous stability problems with dhcpcd, and
since
> the price of the Linksys routers have come down significantly since the
last
> time I looked... I'm about ready to give inand pay the $170 for one.

> However, I'd like to make sure that it will not render some of my
> connectivity useless.  I still plan to have my Linux box act as a file
> server (downloads weather data automatically, serves it to all computers
on
> the network via Samba, FTP, etc), and I'd still like to be able to
remotely
> connect to the Linux box.  Will this be a problem with the router??
> Currently, I have 2 windows machines and a hybrid (Linux and Windows)
> workstation behind a Debian server/firewall which has IPMASQ installed and
> running.  If I were "off network" and tried to connect to any of the
> computers behind the IPMASQed machine (via ssh or telnet, ftp, etc) I
> couldn't do it.  With my Debian server behind the router, would the same
> hold true?  I called Linksys and talked to a sales rep (not sure how much
he
> really knew), but he did say I could setup the Linksys router's firewall
to
> allow connection to a computer on the network through a specific set port.
> It is extremely important that I can still connect to the file server
> remotely via ssh and ftp.  Is there anyone out there who has used the
> Linksys routers that can tell me if this will work?

> Thanks much,

> Mike

Should be possible by using port forwarding - and BTW that's the
SAME way you would do it with IPMASQING - and it IS possible.

You would forward requests to the ports to the internal screen,
if the Linksys is like a few other routers I set up it is an easy
to use web page that you indicate what port to forward to what
port on what IP. I can't remember the port to forward for SSH but
the FTP port is 21.

Be DANG sure that your security is tight on the FTP server.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I am in no way associated with or endorse the following spam
from Keen.com
.

-----------------------------------------------------------

Got questions?  Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com

I've got the 4-port Linksys router, and I can authoritatively state the
following:

1. It has a 4-port 10/100 SWITCH, not a hub.
2. Installation and configuration was brainlessly easy, but make sure you
change the default password!
3. It works with PPPoE.
4. It can be both a DHCP client (for dynamic IP DSL/Cable), as well as a
server.
5. Internal computers can have static IP addresses or DHCP assigned IP
addresses, both on the 192.168.1.0/24 network.
6. You can forward specific ports to internal machines by IP address; I have
port 80 and 22 forwarded to my linux box.
7. You can build a static routing table inside the router
8. You can establish a DMZ host that will be outside of the 'firewall' zone,
and universally available - perfect for GNUtella, etc.  This does not affect
the port forwards set up; port 80 and 22 will still go to the Linux box,
everything else to, say, a Windows box.

It's a great little tool, worth every penny of the $159 I found it for
online.

On Thu, 20 Jul 2000 10:41:25 -0700, Chris Harshman

What is the model? Or do they just make one?

--
Hal B



--