Sunday, April 18, 2004 3:00 AM Harry Hoffman screamed:

> If you have more than one account you shouldn't be running X!!!!!!!!!!
>
> Let me repeat this just in case I wasn't clear: in a firewall running linux
> there is no good reason to be running a windowing system!!!!!!!!!!!!!!!!!!!
> [ !, for space more so than for emphasis! ]. But seriously don't do it,
> X shouldn't even be on your system.

Hello! Why did you just jump down the collective throats of these three gentlemen? :(

David Petterssen had legitimate questions, Rodolfo J. Paiz provided a reasonable and on-topic suggestion that would make it easier for David to achieve his goal (assuming he isn't of the "I must hack it out myself." mindset. Let's face it, we get both here.) and John Lagrue was simply relating his experience with the product Rodolfo suggested. John's closing comment about Enlightenment may or may not have pertained to his firewall box. You don't know. I don't know. Only he does. But you want to know something? It doesn't matter either way!

Who are you to state categorically that ANYTHING is a bad idea for either of them? Specifically when you have almost no knowledge of David's operational requirements and constraints and absolutely nothing about either Rodolfo's or John's.

I've been in this business for almost 25 years and hold the dubious and totally unprovable distinction of never having any system I have been responsible for successfully hacked. I've been doing security for a long time and I'm damn good at it. However, over half the linux firewalls I have in place run X. And a myriad of other services. This is because they are in the hands of people who are not comfortable with a command line and can't afford to have one box dedicated to being a firewall and nothing else. They need appliance boxes. Plain and simple.

Don't get me wrong, I shut down X wherever I can, but there are some customers who want it, and that's that.
Besides, a properly configured iptables script, combined with all (*ALL*) kernel security and iptables updates can provide a reasonable level of protection. You have to be vigilant, but then you should be anyway.

Not to mention the folks, and there's a lot of them on this list, who are brand new to linux, who don't even have two boxes and are stuck in <shiver> Dual-Boot Land. They've only got one machine directly connected to the internet. Should they forgo configuring iptables just because they run a full function workstation? If they're smart they run one for the windows side of things, why not the linux side? Or those who have upgraded their windows machines and are loading linux on their old PC? Whether they want to use the linux box as a gateway or not, why shouldn't it be firewalled?

Good security is like an ogre (in that ogres are like onions). If you aren't thinking about and implementing multiple layers, then you're not secure and never will be (of course none of us ever will be, but that's a separate philosophical discussion). Every machine I run is firewalled, even those snugly plugged into 'secure' (secured by me) networks. This is just general principle. It makes some things a little harder to administer but I find it's a worthwhile trade-off.

> Now to your real question, are both cards of the same type? If so both should
> be started but maybe only one configured. That should keep the cards as you
> expect them to be. Otherwise decide which one you want as eth0 and bring that
> one up at boot and bring the other up later!

I was going to go on and comment on your actual attempt to help, but then I'd have to get just plain nasty and after writing what I did above, I don't feel that's appropriate right now.

Eric Diamond
eDiamond Networking & Security
303-246-9555
eric@xxxxxxxxxxxx