>>> No, I mean there's a *hardware* firewall in the way. You know, with the
>>> big Cisco sticker on it and the 3-digit price tag? (Although obviously
>>> that's only because I'm at work right now. My house doesn't have one of
>>> those...)
>>
You're off by two orders of magnitude. Most Cisco firewalls are in the
5 digit price tag.
>> And that hardware firewall is completely incapable of forwarding ssh
>> connections? Pretty useless, I'd say.
>
> No, I don't have the password to configure it. (And besides, have *you*
> tried configuring Cisco stuff? It's not exactly intuitive. You probably
> need Certified Engineer status to figure it out.)
You don't need to be a Cisco Certified Internetwork Expert to figure it
out. The Cisco manuals are usually pretty easy to follow, and freely
available on their web site.
And it is actually pretty intuitive...
- Give each interface an IP address.
- Create your NAT tables.
- And off you go.
The only difference between a Cisco firewall and a D-link or NetGear
home router, besides performance and scalability, is that you can (and
should!) override the basic "everything outbound is ok, nothing inbound
can come in" configuration.
Just like you would with any other infrastructure firewall, whether
hardware (e.g.: Juniper, Netscreen, etc...) or software (e.g.:
Checkpoint) (Not talking about the software you run on your PC asking
you if it's ok for MSPAINT.EXE to run as a service)
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }