Not that this is so surprising, but as a counter offer to Stork Net’s pleasant demeanor, they’re the anti-happy mom discussion site: Sybermoms. I lifted this from the homepage:

Are other parent support groups driving you crazy? Are you tired of those parent support groups’ heavy-handed moderation, behind-the-scenes bickering and excessive use of {{{{{HUGS}}}}}? Do smiley faces following hateful statements at other parent support groups make you scream?

If you just want to be yourself, break out of the mold and tell the world what you really think, then Sybermoms is the parent support group for you.

We are mothers living outside of the lines. We attract grrrrls, professionals, students, SAHMs, etc etc all with the commonality of being slightly against the grain in our own unique ways. We don’t beat around the bush when expressing our opinions and yet we offer the most sincere support when a member really needs it. We stand united against any form of child abuse or self destructive behaviour and we stand for the empowerment and advancement of the family unit as well as self empowerment and satisfaction. We are just so damn hip and cool.

We are a diverse, irreverent group of women, some of whom have been posting together on parent support groups for years. If you are a thick-skinned, bitchy chick, you’ll fit in here. Have fun!

I don’t have to tell you that these women are crass, at best! I guess that every mom isn’t coated with sugar. Salty is ok too, I guess. Meg is still vacillating as to whether or not she plans on participating in the often off-color discussion threads. I think she’s leaning toward that of a casual observer, and not a full blown participant.

Anyway, I hope that everyone got what they wanted and/or what was coming to them in 2002, and that 2003 brings mo’, mo’, mo’!

Happy New Year.

I received an email from They want to host my site. Anyway, I went to their site to check them out. I do have to say that they have a very appealing website. In particular, check out the Services page, and then mouse-over the services. The little animations are really funny.

The site has another cool feature, and that’s the Additional Site Navigation menu in the bottom left. The printer friendly option is cool. Obviously someone at ADDR spent time on the site. There’s a fine line between what sucks and what’s awesome on the web, and this site is definitely on the top end of the good website scale.

You’re not going to believe this but I just looked at my Amex stmt, and CI Host charged my CC for $130 on 2/11. Not only did the charge show up, it’s with a different merchant name. This is just proof that this company is a pit of snakes.

Amex has removed the charge and has sent it out for review. I’ll keep you posted.

Just to let everyone know, CI Host accepted the complaint, and reversed the charge. I guess the folks at CI Host wanted to see if they could get away with randomly charging former customers. I bet there are other former customers like myself that were charged, but didn’t pay attention to their bill and paid this random charge. Ya know, if CI Host wants to steal, maybe they should get more creative.

I received an email the other day from John N. He posted some comments to the CI Host Sucks thread. Well, as it turns out, Chris Faukner of CI Host read my weblog (w00t!), and was non-plussed by what John N had to say, and emailed him with the following:

“We will seek injunctive relief Monday in Tarrant County for your slanderous statements.”

So, obviously he emailed me and asked if I would delete the comments. Solely because I’m a nice guy did I do just that. Of course, I did save the archive page as a Web Archive in IE6 so I can look back on it and laugh some day. See, it just goes to show you; you never know who’s watching!

In the last year and a half (or so), I have used five different Linux firewall distros or scripts to protect my home network from the evils of the net, and to provide NAT. If you don’t know, NAT is short for Network Address Translation. It is also referred to as Masquerading. This is the process of allowing n-number of machines on a private LAN to share a single public IP address.

NAT can be accomplished a number of different ways. The most common method in residential settings is a Cable/DSL router from vendors such as Linksys, DLink, and Netgear. These devices are often paired up with an internal WiFi access point. The benefit to the end user in using such devices is ease of setup, and low cost. Unfortunately, what you gain from that, you lose in flexibility of configurations, and a robust feature set. The only catch with using a Linux firewall is you need a donor PC.

After using a 256/256 SDSL line for a year and a half, I switched over to a cable modem. As a result of the switchover, I lost my static IP addresses (I had 13), and therefore required NAT for my LAN machines to continue accessing the Internet. Since I had been learning/hacking away at Linux for a few months, I decided to setup a machine as a dedicated firewall. The machine I eventually used was my first Linux box (“reggie”), and I purchased a new machine (“jordyn”) to take its place.

So, like any good Linux h4x0r3, I mulled around the Netfilter/IPTables mailing list, and the #debian IRC channel. After a few quick HOWTO’s, I was NAT’ing my whole LAN onto the Net. Now, if you know anything about me, I have an overwhelming need to over engineer any solution. Like Tim “The Toolman” Taylor used to say, “I need more power! <grunt> <grunt>”. It was this desire that has resulted in my home LAN being behind so many solutions in so little time.

I figured that it would be beneficial to my fellow über-geeks to share my experiences. I will enumerate each setup and give the pros and cons that I found with each.

  • MonMotha’s (Pentium 166, 64MB, 2.6GB)
  • The first attempt at a “structured” approach to a Linux firewall was MonMotha’s. This is a Bash script that you edit by hand. The settings are near the top of the file, and you edit accordingly. My only big beef is that I contributed to his script, and didn’t get a shout-out. Oh well, I don’t use it any more anyhow.

    • Pros
      • Light weight and simple to use
      • Run on any 2.4 distro with either the netfilter/iptables modules loaded or compiled into the kernel
    • Cons
      • Light weight and therefore doesn’t have a large feature set
      • No sort of GUI for configuration.
      • No native software RAID support
      • Dynamic DNS support must be setup separately
  • BBIagent (Pentium 166, 64MB, 2.6GB)
  • I found out about BBIagent from a Windows XP tweak site, ironically so. Unfortunately, I can’t remember the site, or I would post the link to the article. This full fledged firewall distro resides on a single floppy disk. You go to their website, fill in a form about the target machine this will run on, and you then download an img that you load onto a 3.5″ 1.44MB floppy. The admin GUI is a Java applet that you download separately, and then upload to the firewall once it’s up and running.

    • Pros
      • Single floppy install
      • Highly fault tolerant (don’t worry about power failures corrupting a hard drive)
    • Cons
      • No persistence of port forwarding definitions and packet filtering rules
      • Limited feature set
      • No native software RAID support
      • No update checks
      • No Dynamic DNS support
  • Smoothwall (Pentium 166, 64MB, 2.6GB)
  • This is actually a commercial product based on Linux. The folks at Smoothwall Ltd. have released the commercial product in an open source community edition also. The product is actually quite nice. It comes with a decent web based GUI, and it has support for a DMZ. My main objection to Smoothwall is the fact that support is an IRC channel populated by some of the rudest basement dwellers of all time (the RTFM Mafia as I like to call them). One in particular is Hilton Travis. This guy is a grade A prick. Oh well. The mailing list is equally insulting.

    • Pros
      • Full distro
      • Web based admin
      • DMZ support
      • Dynamic DNS Support
    • Cons
      • Horrific support
      • Not quite “there”
      • No native software RAID support
      • Update check must be initiated manually
  • Clark Connect (Pentium II 233, 128MB, 2.0GB)
  • This is another community edition of a commercial product. This is also the first use of “frankie”, my latest machine (in a 2U chassis nonetheless!). Turned out I couldn’t put another NIC into “reggie”, so I built a new machine from eBay parts. I named the new machine “frankie”, because Frankenstein was too much to type. CC (as the insiders call it) has a nice and friendly feel. One nice feature is its ability to “phone home”, so you can pay for Point Clark Networks’ Gateway Services. The only problem that I found was that there was no ability to define packet filtering rules without logging into the box via an SSH session, and executing the iptables commands yourself. Also, to make use of my Windows 2003 server (“mattingly”) as a VPN server, I needed to add the GRE forwarding rules myself.

    • Pros
      • Full distro
      • Friendly threaded support forum
      • Easy setup
      • Dynamic DNS support via Clark Connect’s DNS
    • Cons
      • Limited DMZ Support
      • Update check must be initiated manually
      • No packet filtering rules
      • No native software RAID support
  • Astaro Security Linux (Pentium III 400, 256MB, 8.4GB)
  • ASL, as it’s known, is a commercial product. The latest version, and the one I’m using, is 4.007. For home use only, you can obtain a license that allows you to use the product with a slightly reduced feature set. If you pledge to support the forums, you can get a power user license that will allow you to use the entire product. If you noticed, the hardware specs changed. ASL requires much more horsepower than the other packages. Then again, this isn’t the other packages. PPTP, extensive proxies (SMTP, HTTP, POP3), DMZ, VLAN, and threat analysis are just a sample of what it can do. According to the specs, ASL will support 20 NICS! So, next time you have 5 quad NIC’s handy, plop them into your ASL.

    I have been using ASL for about a week now. After a couple of trial and error attempts, I was able to setup PPTP from my XP box at work to the ASL box at home. Also, I have started to play with the built-in HTTP proxy. Unfortunately, even though I can authenticate users against my Active Directory server (!), ASL is using Squid 2.4, and for NTLM support, you need 2.5. I’m waiting. If they implement that, then I have no need to install an ISA Server at work.

    • Pros
      • Full distro
      • Very hardened security
      • Excellent web admin interface
      • Extensive NAT and packet filtering rules
      • RADIUS, NT-SAM, and LDAP (MS, Novell, OpenLDAP) user authentication
      • PPTP endpoint (only supports RADIUS and internal userlist for user auth)
    • Cons
      • hefty minimum hardware requirements
      • No Dynamic DNS support
      • No native software RAID support
      • No NTLM authentication for HTTP Proxy

    Just as a point of note. I tried Mitel Networks’ SME Server in between Smoothwall and ClarkConnect. IIRC, there was no clear DMZ support, and therefore I moved past it. One feature of SME Server though was native software RAID support. As you can see though, I’ve had experience with enough packages in such short time, that I can speak intelligently (I think) on the topic. If you want the “Jerry’s Last Words”, I would recommend Smoothwall if hardware is an issue, but if you can spring for a beefier platform, go ASL.
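
For reference, here is what the masquerading described at the top of this post, plus the hand-added GRE forwarding mentioned under Clark Connect, looks like as a ruleset. This is an added example, not code from any of the distros or scripts reviewed above. The interface names (eth0 for the cable modem side, eth1 for the LAN) and the VPN server address 192.168.1.10 are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC NAT gateway
# that also passes PPTP to one internal VPN server. All values are constructed.
# Load with:  gen_nat_rules eth0 eth1 192.168.1.10 | iptables-restore
# (add --test to parse without committing). Routing also needs
# net.ipv4.ip_forward=1 set on the gateway.

gen_nat_rules() {
    # Refuse to emit a half-filled ruleset if an argument is missing.
    [ $# -eq 3 ] || { echo "usage: gen_nat_rules WAN_IF LAN_IF VPN_HOST" >&2; return 1; }
    wan_if=$1; lan_if=$2; vpn_host=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# PPTP control channel (TCP 1723) and its GRE tunnel, sent to the VPN server
-A PREROUTING -i $wan_if -p tcp --dport 1723 -j DNAT --to-destination $vpn_host
-A PREROUTING -i $wan_if -p 47 -j DNAT --to-destination $vpn_host
# Masquerading: every LAN host leaves with the gateway's single public address
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
# Default-deny: nothing reaches the gateway or the LAN unless allowed below
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -j ACCEPT
# Replies to LAN-initiated traffic, and new connections from the LAN outward
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
# The only unsolicited inbound traffic allowed: PPTP to the VPN server
-A FORWARD -i $wan_if -o $lan_if -d $vpn_host -p tcp --dport 1723 -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -d $vpn_host -p 47 -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the assumed home setup.
gen_nat_rules eth0 eth1 192.168.1.10
```

The FORWARD policy of DROP is what makes this a firewall and not just a NAT box: the two PPTP rules are the only path in from the outside, so any further port forward needs both a DNAT line and a matching FORWARD line.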