Under Linux, i can configure my DSL connection with pppoeconf (debian), without configure my Ethernet interface (eth0), just load kernel module fo ethernet interface, launch pppoeconf here is it. Another way is to configure the DSL interface (eth0 -> ALCATEL Speed Touch Home) with IP:10.0.0.1 so i can telnet or access with an web explorer the modem on 10.0.0.138. After i launch pppoeconf and here is it again ... :) Wich configuration is more secure ? Any comments ?! In case of the 2 choice, must i define zones/rules/policy for local traffic between modem and eth0 ? -- VETSEL Patrice Forum d''aide DEBIAN Francophone sur : http://kagou.tuxfamily.org/
cheers();> Under Linux, i can configure my DSL connection with pppoeconf (debian), > without configure my Ethernet interface (eth0), just load kernel module > fo ethernet interface, launch pppoeconf here is it. > > Another way is to configure the DSL interface (eth0 -> ALCATEL Speed > Touch Home) with IP:10.0.0.1 so i can telnet or access with an web > explorer the modem on 10.0.0.138. After i launch pppoeconf and here is > it again ... :) > > Wich configuration is more secure ? > Any comments ?! > In case of the 2 choice, must i define zones/rules/policy for local > traffic between modem and eth0 ?If your DSL modem is connected to eth0, you should not have eth0 in your iterfaces file. Use the ppp0 (or whatever it is called) for all shorewall rules / policies. I don''t know, if there are any differences in security. I doubt that. (Tom will slap me, if I am wrong. ;) As I am running Mandrake the second described configuration is used: ifconfig shows eth0 and ppp0, but never use eth0 for DSL. (btw: That''s the biggest problem with Mandrake''s pre-configured shorewall: They are using both, thus breaking everything.) karsten -- Hi, I''m a signature virus. Copy me into your ~/.signature to help me spread!
--On Thursday, January 30, 2003 10:51 PM +0100 kb <kb@bluehash.de> wrote:> > As I am running Mandrake the second described configuration is used: > ifconfig shows eth0 and ppp0, but never use eth0 for DSL. > (btw: That''s the biggest problem with Mandrake''s pre-configured > shorewall: They are using both, thus breaking everything.)A couple of things: a) Not all DSL providers require you to use PPPoE/PPPoA/PPTP/<other acronym with lots of ''P''s in it>. I have DSL service and my connection is Frame Relay Based (DSL "Modem" is a Frame Relay endpoint). Here in the US, other DSL "modems" are ATM devices. So when we are talking about PPPoE/PPPoA/PPTP we should say so since that is more relevant that the Layer 2 protocol (DSL/ADSL) on the wire between the "modem" and the local CO ("Central Office"). b) Mandrake''s GUI tools don''t do a good job of configuring Shorewall. When in doubt, uninstall the Mandrake Shorewall RPM, install mine and follow the relevant QuickStart Guide (http://www.shorewall.net/shorewall_quickstart_guide.htm) -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net