----- Original Message ----- From: "Tom Eastep" <teastep@shorewall.net> To: "Paul Gear" <paulgear@yahoo.com> Sent: Saturday, March 16, 2002 6:03 AM Subject: Re: [Shorewall-users] A Philosophic Question> > ----- Original Message ----- > From: "Paul Gear" <paulgear@yahoo.com> > To: "Tom Eastep" <teastep@shorewall.net> > Cc: <shorewall-users@shorewall.net> > Sent: Friday, March 15, 2002 8:00 PM > Subject: Re: [Shorewall-users] A Philosophic Question > > > > > > > > Oh, I agree with you already! I was persuaded by another user toprovide> > > them -- you notice that I don''t put much energy behind enhancing and > > > maintaining them :-) > > > > Perhaps they need a bigger disclaimer, or a notice that they are > unsupported. > > I think "unsupported" is too strong a term -- perhaps I should revisit the > documentation though to be sure that it sets the proper level of > expectations. > > > > > Fair enough. Forget i asked - i''ll shut up now. Anything to keep you > from > > using Python. :-) > > > > Ok -- COBOL 68 it is then... > > -Tom > -- > Tom Eastep \ Shorewall - iptables made easy > AIM: tmeastep \ http://www.shorewall.net > ICQ: #60745924 \ teastep@shorewall.net > > >
> > Fair enough. Forget i asked - i''ll shut up now. Anything to keep you > > from using Python. :-) > > Ok -- COBOL 68 it is then... >Allright! Finally a firewall for my TRS-80! The heck with LEAF... Tom, can we get it to fit on a 30 minute cassette tape? I''d hate to have to wait any longer to reload after power failures... Maybe this is just an outsider''s view of the LEAF/Shorewall distribution (Bearing), but I noticed that Parameters were heavily used and mimicked the shorewall two interface example. Oddly though, it broke Tom''s favorite rule - the DMZ. Instead, it offers the use of port forwarding to the local zone. Yikes! I built a three interface implementation with SSH (on one floppy!) that I plan to play with it one day, but I don''t have any spare lowly PCs with three PCI slots to try it on (nor do I have any dual interface nics). I did see a new Quad that looked interesting.... This would probably be great on a P75 w/ 32-64MB. Wayne /insert witty quote here/ ---------------------------------------------
You can find the quad port D-Link DFE-570TX for $110. -- Sincerely, David Smead http://www.amplepower.com. On Sat, 16 Mar 2002 admin@kiteflyer.com wrote:> > > Fair enough. Forget i asked - i''ll shut up now. Anything to keep you > > > from using Python. :-) > > > > Ok -- COBOL 68 it is then... > > > > Allright! Finally a firewall for my TRS-80! The heck with LEAF... > Tom, can we get it to fit on a 30 minute cassette tape? I''d hate to have to wait > any longer to reload after power failures... > > Maybe this is just an outsider''s view of the LEAF/Shorewall distribution > (Bearing), but I noticed that Parameters were heavily used and mimicked the > shorewall two interface example. Oddly though, it broke Tom''s favorite rule - > the DMZ. Instead, it offers the use of port forwarding to the local zone. Yikes! > I built a three interface implementation with SSH (on one floppy!) that I plan > to play with it one day, but I don''t have any spare lowly PCs with three PCI > slots to try it on (nor do I have any dual interface nics). I did see a new Quad > that looked interesting.... > This would probably be great on a P75 w/ 32-64MB. > > Wayne > > /insert witty quote > here/ > > --------------------------------------------- > > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@shorewall.net > http://www.shorewall.net/mailman/listinfo/shorewall-users >
Assuming you intend to use this older hardware on slower links (10meg, cable modem, etc.) you should be able to get good results using ISA (16-bit) NICs along with one (or two at most) PCI cards in multiple interface setups. I''ve had pretty good success with the 3Com Etherlink ISA models side by side, with up to three of them and an onboard intel pro PCI in an old Intergraph TD410, for example. That was after slogging through the problems you descibed. Cheers... Paul -----Original Message----- From: shorewall-users-admin@shorewall.net [mailto:shorewall-users-admin@shorewall.net]On Behalf Of Jens Sent: Saturday, March 16, 2002 8:37 PM To: shorewall-users@shorewall.net Subject: Re: Fw: [Shorewall-users] A Philosophic Question On March 16, 2002 06:26 pm, you wrote:> I built a three interface implementation with SSH (on one floppy!) > that I plan to play with it one day, but I don''t have any spare lowly PCs > with three PCI slots to try it on (nor do I have any dual interface nics).> This would probably be great on a P75 w/ 32-64MB.I just went thru hell trying all this on a lowly P75 with 40 megs of ram. It''s got 4 PCI slots but when I put more than two nic''s in, only the first two talk to the outside. I can ping them all, they are all on seperate interrupts but something just isn''t right. I finally decided (best guess) that these early PCI implementations must have some problems with interrupts. It could be just the particular motherboard I was using but I sure wasted a lot of time on this. I now have this P75 running with two interfaces. The external nic is a dlink but the internal interface could not be a dlink as it was getting errors galore (too much work at interrupt). I replaced it with a 3com card (at 3 times the price) and the error count is down dramatically but not zero. Seems that anytime I try using real old hardware I end up screwing around for hours without achieving a satisfactory result. My 2 cents .... Jens _______________________________________________ Shorewall-users mailing list Shorewall-users@shorewall.net http://www.shorewall.net/mailman/listinfo/shorewall-users _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com