Saturday, December 19, 2009

Linux Netbook Use Case: EVDO/Wifi Firewall to protect your "Big Company" XP Laptop

So if you've used any large enterprise XP image you know they are awful.

The larger the company, the worse the build. They are slow. They crash all the time. They have a zillion agents running doing God knows what and they probably have the firewall disabled.

But you want to do the "right thing" and actually follow policy and NOT put Linux on the lovely Dell hardware they give you, like you used to do "back in the day."

And you don't want to run these in a coffee shop or on an untrusted network. But I feel reasonably safe about running my Ubuntu S10-2 in relatively hostile environments.

Most modern NICs (including the Broadcoms in most Atom-based netbooks) have auto-MDI-X, so you can plug your laptop directly into the unused Ethernet port on your netbook after doing the following:

1) Configure a static address on eth0 (in /etc/network/interfaces), making sure it is not a network you actually use (DOH!)
2) Make the appropriate change to sysctl.conf (if you have to ask...)
3) Install dnsmasq for DNS and DHCP (an apt-get away)
4) Add whatever iptables rules you want to rc.local (or run manually because if the ppp0 interface is not up it may not work)
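
The four steps above as one script, as an added example rather than the author's own configuration. It only prints the settings for review and changes nothing; the 192.168.77.0/24 subnet, the DHCP range, the `wlan0` name for the Wifi uplink and the firewall policy itself are assumptions, not values from the post.

```shell
#!/bin/sh
# Added example: prints the config for the four steps; it changes nothing itself.
# Assumptions (not from the post): 192.168.77.0/24 as the laptop-side subnet,
# wlan0 as the Wifi interface name, and the firewall policy below.
LAN_IF=eth0
LAN_IP=192.168.77.1

gen_interfaces() {   # step 1: stanza for /etc/network/interfaces
    printf 'auto %s\niface %s inet static\n    address %s\n    netmask 255.255.255.0\n' \
        "$LAN_IF" "$LAN_IF" "$LAN_IP"
}

gen_sysctl() {       # step 2: line for /etc/sysctl.conf (route between interfaces)
    echo 'net.ipv4.ip_forward=1'
}

gen_dnsmasq() {      # step 3: serve DHCP and DNS on the laptop-facing port only
    printf 'interface=%s\nbind-interfaces\ndhcp-range=192.168.77.10,192.168.77.20,12h\n' "$LAN_IF"
}

gen_firewall() {     # step 4: iptables commands for uplink $1 (ppp0 or wlan0)
    wan=$1
    case "$wan" in   # refuse empty names and anything that is not a plain ifname
        ''|*[!a-z0-9]*) echo "bad interface name: $wan" >&2; return 1 ;;
    esac
    [ "$wan" != "$LAN_IF" ] || { echo "uplink must differ from $LAN_IF" >&2; return 1; }
    # Default-deny; the laptop may start connections, the Internet may not.
    # The LOG rule records each new outbound connection from the laptop.
    cat <<EOF
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IF -p udp -m multiport --dports 53,67 -j ACCEPT
iptables -A INPUT -i $LAN_IF -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -i $wan -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $wan -m state --state NEW -j LOG --log-prefix "xp-out: "
iptables -A FORWARD -i $LAN_IF -o $wan -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

# With an uplink name as the argument, print everything for review.
[ $# -eq 0 ] || { gen_interfaces; gen_sysctl; gen_dnsmasq; gen_firewall "$1"; }
```

The `xp-out: ` entries land in the kernel log, one per new connection the laptop opens.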

Sometimes I share over the Wifi; other times I use my EVDO card.

Bottom line: it just works.

Bonus: you get to see whatever the hell all those pesky agents are doing when they phone home to your corporate network over the Internet.
