Router/Firewall Recommendation

Alejandro Calbazana acalbaza at calbazana.com
Fri Jun 25 11:41:10 UTC 2004


Thanks for everyone's input :)

After analyzing my requirements, I think that a router will work fine for
now.  However, when I add additional services and machines, I will be
bringing back my trusty and dusty old P3 machine running iptables.  This box
is pretty stripped down and secured to the best of my ability.  I've gone so
far as to place an IDS on it for good measure.  Overkill maybe, but it keeps
me sane.

The points made about both ICMP and forged packets are good ones.  I forgot
about these...  A router (at least the one I have blinking at me) isn't
going to handle these properly where a few rules in iptables can drop and
log these easily enough.  I forgot about these simple exploits.

All that said... When it comes time to add a firewall, what is the best
practice if I were to put it into the mix with a router?  If anything, I
just want to satisfy my own curiosity about this particular
configuration....  Would it be something like:

Internet->Firewall (iptables)->Router->LAN or
Internet->Router->Firewall (iptables)->LAN

This first setup makes more sense to me as the f/w is the first point of
contact where packets are inspected then forwarded, dropped, and/or logged
before getting routed to the internal LAN.

Thanks Again!

Alejandro




