Bart Garst wrote: >On Tue, 2003-12-30 at 20:44, Kevin Brown wrote: > > >>>I have looked around the net a bit and can not figure what I do and do >>>not need to know. >>> >>>I am building a desktop/ firewall for my girlfriend that has cox. As >>>her mother hates me I will not have access to the cable modem before I >>>drop off the computer, and will not have a ton of time to configure the >>>computer before getting something thrown at me. The computer that I am >>>giving away will be protecting the rest of the net from the virus ridden >>>piece of s* that my girlfriend's mom will not let me fix.All I know >>>about the cable modem is that it is not a router and that it has cat-5 >>>out. I have no experiece with such things so I am hoping that you could >>>tell me of the ramifications *or point me to a guide*. >>> >>>Should I do anything special when I install debian? (should I tell it a >>>bs static ip or what?) >>> >>> >>It will need the DHCP client to get an address from cox (and possibly a DHCP >>server for the systems in the house). >> >> >>>How much time should I assume that I will need to invest to get firewall >>>builder setup? >>> >>> >>Depends on how secure you want to make it and other needs. A basic config will >>need to do NAT and prevent outside systems from getting to or through the debian >>router otherwise. >> >> >> > >I think NAT is a bit much (personal opinion). I have a setup similar to >what you're describing. I have my internal machines using the >firewall/router as a gateway and have ip_forwarding enabled. > >Here's a link similar to the how-to I used: >http://en.tldp.org/HOWTO/Firewall-HOWTO.html > >Getting this thing going should be simple, securing it is a different >matter. I've had to make several adjustments to the firewall rules since >I got it going. Make sure you can ssh into this machine from the outside >if they expect you to maintain this system. > >Good luck. >Bart > > > > As this is a g/f, not family, or a long time friend, I was thinking about just setting up debian stable and making a cron job do an apt-get update; apt-get upgrade every night. This would be sufficent I trust to keep the box from getting easily cracked? For that matter I know that it is not a great idea to use a desktop as a firewall, but is it really that terrible?