A follow-up query - was Re: [clug] Calling all Linux n00bs

Rod Peters rpeters at pcug.org.au
Fri Jun 12 23:50:14 GMT 2009


On Thursday 11 June 2009 22:00:16 linux-request at lists.samba.org wrote:
> Re: A follow-up query - was  Re: [clug] Calling all Linux n00bs
>  From: Daniel Pittman <daniel at rimspace.net>
>  To: CLUG List <linux at lists.samba.org>
>
> Rod Peters <rpeters at pcug.org.au> writes:
> > On Thursday 11 June 2009 12:20:10 linux-request at lists.samba.org wrote:
> >> > I use an ASUS WL600G ADSL2+ modem/router/wireless AP
>
> [...]
>
> >> http://support.asus.com/download/download.aspx?SLanguage=en-us&model=WL-600
> >> I haven't advised you to buy this, I've just said I use it, I like
> >> it, it's Linux, you might like to look into it further. I don't think
> >> you'll go too far wrong with this, or indeed any other ADSL modem/router.
> >> If you want to configure a firewall using iptables commands this does
> >> it. Drop in a new firmware to make it your lower power home server, you
> >> /can/ do that too. Plug it in and have it work without worrying about any
> >> of that? Does ok on that front too. Probably Netgear has a slightly more
> >> user-friendly interface (by reputation at least).  Good luck. You'll be
> >> fine.
> >
> > Well you might be, as long as you understand that most of these packaged
> > routers either don't have the more effective firewalling techniques such
> > as SPI or, if installed, it is disabled by default, to avoid
> > incompatibility with Vista.
>
> Most of the low end consumer routers are based on either VxWorks or Linux,
> both of which have TCP Window Scaling compliant SPI, or "connection
> tracking", firewall implementations.
>
> For most of the devices a firmware update is available that corrects them.
>
Perhaps, but this process is similar to flashing the BIOS on a PC, which I 
suggest the vast majority of PC owners won't tackle.  The cost of having a 
computer shop do it is similar to a new router.

So for the average owner, these devices have limited firewalling.

The practical way to LAN PC is to set ethernet as a "trusted zone" on each PC.  
Net result is that the whole LAN has firewalling of limited effect.

> > You can search for SPI and/or "TCP Window Scaling" on Wikipedia to see
> > why.
>
> These issues exist, but mostly don't have the degree of trouble or the
> significant flow on effects you suggest.
>
> Regards,
>         Daniel


Rod

