In my last entry, I was complaining about how I wasn’t able to get my laptop to work either at home or at school.
My major problem was dealing with the issue of how to treat my wireless and wired Ethernet cards (Wi-Fi used at school and wired at home) differently for the purposes of Shorewall. It was not until I read more documentation on the Shorewall website that I was able to figure out the hosts file and get my laptop to understand that the home zone was a subset of the net zone.
I decided to treat North Central as a hostile environment, though it would be less hostile than hanging this machine off a cable modem directly. Being the paranoid security nut that I am, I chose the more secure environment. Nearly everything is closed off, particularly anything inbound not directly related to my browsing or other activities.
For home, I have opened up SSH and FTP (inbound and outbound), the two services I regularly use on my home network. If I need more, I can always add rules or take down the firewall temporarily. Of course, the same outbound connections are enabled so that I can connect to the internet using my desktop machine as a gateway.
Now that I have a better understanding of Shorewall and its internals, I have decided that it is very cool. It does a great job of blocking unusual traffic and common spoofed traffic while making it easy to configure what traffic should go through.
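A sketch of the layout described above, added here as an illustration and not taken from the author's actual files: the home zone is declared as a sub-zone of net and defined in the hosts file, with SSH and FTP opened only for it. The interface names (`eth0` wired, `wlan0` wireless), the home subnet `192.168.1.0/24`, the policies and the Shorewall 4-style syntax are all assumptions.

```conf
# Illustrative Shorewall configuration (assumed values, not the author's files).

# --- /etc/shorewall/zones ---
# A sub-zone is declared after its parent as child:parent.
#ZONE       TYPE
fw          firewall
net         ipv4
home:net    ipv4

# --- /etc/shorewall/interfaces ---
# Both cards belong to the untrusted net zone by default.
#ZONE   INTERFACE   OPTIONS
net     eth0        dhcp
net     wlan0       dhcp

# --- /etc/shorewall/hosts ---
# Only the home LAN range, seen on the wired card, is carved out as home.
# 192.168.1.0/24 is a constructed example subnet.
#ZONE   HOST(S)
home    eth0:192.168.1.0/24

# --- /etc/shorewall/policy ---
# Outbound is allowed; everything inbound is dropped unless a rule permits it.
#SOURCE DEST    POLICY  LOGLEVEL
$FW     all     ACCEPT
home    $FW     DROP    info
net     all     DROP    info
all     all     REJECT  info

# --- /etc/shorewall/rules ---
# Inbound SSH and FTP are accepted from the home zone only.
# Outbound SSH and FTP are already covered by the $FW -> all policy.
#ACTION         SOURCE  DEST
SSH(ACCEPT)     home    $FW
FTP(ACCEPT)     home    $FW
```

Because home is matched only by interface and address range, any other wired network that hands out the same private range would also be treated as home, so the subnet should be as narrow as the home LAN allows. Running `shorewall check` validates the files before they are applied.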