On Sat, Dec 11, 2004 at 11:58:24AM -0600, Terry Linhardt wrote:
> I might also add that your comments above about using dual NICS, turning
> off iptables internally, etc. are all valid. I'll just note that this
> has become one of those issues in which I want to learn how to solve the
> problem at hand, even though there are a couple of "work-arounds."
> Sometimes I am just pragmatic, but I envision a need to solve this
> problem for a "public" ftp server in the near future.

Planning ahead? You're going to ruin your chances for promotion.. :-)
Management is only allowed to think its way out of the current crisis.
Planning ahead interferes with making the revenue numbers for the
quarter... :-)

On a more serious note - I avoid becoming too dependent on the GUI style
config tools. They have two serious drawbacks:

#1 - Poor functionality: many of them (like Fedora's) are extremely
limited in what you can do with them. What I think you are calling
workarounds are actually the main tools intended to be used to manage
iptables. The GUIs are afterthoughts intended to allow non-sysadmins to
be able to use/configure firewalls in a minimal fashion.

(Note - I'm not saying don't use the GUI tools, just be aware of their
deficiencies and be ready to work at a deeper level when needed.)

(Note, there are some very serious tools designed for managing iptables
firewalls, look up IPCOP, shorewall and others. As far as I know, the
Fedora firewall GUI doesn't even have 5% of the capabilities those tools
have.)

#2 - Distro specific. Mostly, each Distro has their own GUI tool for
managing the firewall. So you have to learn a new GUI tool for each
different distro. If you know how to manage the firewall directly it
won't matter which distro you encounter. You can do it the same way on
all of them.

Example - how do you configure a time based change in the firewall using
the Fedora Firewall GUI tool? (Hourly, weekly, daily, monthly etc..)

Is this a realistic example? Yes - had to do something like this for a
medical firm. (This can be done on all Linux systems using cron, a shell
script, and the iptables command.)

--
Linux/Open Source: Your infrastructure belongs to you, free, forever.
Idealism: "Realism applied over a longer time period"
http://www.scaled.com/projects/tierone/ <a href=http://kinz.org>Kinz</a>
http://www.fedoratracker.org http://www.fedorafaq.org
http://www.fedoranews.org
Jeff Kinz, Emergent Research, Hudson, MA.
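
The cron + shell script + iptables approach mentioned at the end of the message, as an added example that is not part of the original post. The port (21), the Mon-Fri 08:00-18:00 window and the script path are assumptions, and it presumes the INPUT chain otherwise drops new connections and that the installed iptables supports -C.

```shell
#!/bin/sh
# Added example: open a port only during a time window, driven by cron.
# Assumed crontab entry (root), re-evaluated every 5 minutes:
#   */5 * * * * /usr/local/sbin/ftp-window.sh apply

PORT=21          # assumed: FTP control port
OPEN_HOUR=8      # window opens at 08:00
CLOSE_HOUR=18    # window closes at 18:00
RULE="INPUT -p tcp --dport $PORT -m state --state NEW -j ACCEPT"

# in_window DOW HOUR -> exit 0 when inside the allowed window.
# DOW is 1-7 (Mon=1, as printed by `date +%u`), HOUR is 00-23 (`date +%H`).
in_window() {
    dow=$1
    hour=${2#0}          # strip one leading zero: "08" -> "8", "00" -> "0"
    hour=${hour:-0}      # a bare "0" was stripped to empty; restore it
    [ "$dow" -ge 1 ] && [ "$dow" -le 5 ] &&
    [ "$hour" -ge "$OPEN_HOUR" ] && [ "$hour" -lt "$CLOSE_HOUR" ]
}

# desired_state DOW HOUR -> prints "open" or "closed"
desired_state() {
    if in_window "$1" "$2"; then echo open; else echo closed; fi
}

# plan STATE PRESENT -> prints the iptables command needed, or nothing.
# PRESENT is "yes" when the rule is already loaded. Only acting on a
# mismatch keeps repeated cron runs from stacking duplicate rules.
plan() {
    case "$1:$2" in
        open:no)    echo "iptables -I $RULE" ;;
        closed:yes) echo "iptables -D $RULE" ;;
    esac
}

# apply -> compare the live ruleset with the clock and fix any mismatch.
apply() {
    # $RULE is left unquoted on purpose so it splits into arguments.
    if iptables -C $RULE 2>/dev/null; then present=yes; else present=no; fi
    cmd=$(plan "$(desired_state "$(date +%u)" "$(date +%H)")" "$present")
    [ -z "$cmd" ] || $cmd
}

if [ "${1:-}" = "apply" ]; then apply; fi
```

Because the script reconciles state on every run instead of relying on separate "open" and "close" cron jobs, a reboot or a manual rule flush is corrected at the next run.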