Router/Firewall Recommendation

Mike Burger mburger at bubbanfriends.org
Tue Jun 22 11:19:35 UTC 2004


On Mon, 21 Jun 2004, Jason Dixon wrote:

> On Jun 21, 2004, at 10:51 PM, Alejandro Calbazana wrote:
> 
> > I was looking for some recommendations on using a standalone RH machine
> > as a firewall.  Right now, I have an older Linksys router which I use as
> > a standalone router for my broadband connection.  I was considering
> > placing a firewall behind my router.  Other than being overly paranoid,
> > I'd like to do this b/c I like the logging capability of iptables and
> > iptables has much more flexibility as far as rules go.  The Linksys
> > router simply routes, forwards, and does rudimentary logging.  My
> > questions are:
> >
> > 1. Is this overkill for a home network?
> 
> Not if the Linksys only performs basic NAT/routing.  You'd be smart to 
> add an advanced filtering device.

The Linksys' NAT/firewalling can probably be turned off, making it just a 
router...definitely not overkill, but possibly not necessary.

> > 2. Should I just use my Linux box as a router AND a firewall and ditch
> > the Linksys appliance altogether?
> 
> If you're going to use the Linux firewall, the Linksys really is
> unnecessary.  All it adds is an extra layer of complexity/routing/failure.

This really does depend on the nature of the broadband connection, 
though.  What is connected to the other side of the router?  Is it a 
Cable/DSL modem, or is it the actual broadband link?

What I've done with my Netopia Cayman router is turned it into just a 
router...I turned off the firewalling on that unit, completely, and am 
letting my FC1/iptables firewall handle all firewall/NAT/Masq duties.

> > 3. If there is room for both, how might the router allow traffic to
> > flow to the machine I designate as my firewall?
> 
> You'd end up with 2 layers of NAT translation.  Way unnecessary.

Not necessarily true.  Again, this depends on the nature of the Linksys 
router, how it's connected, etc.
-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000

To be notified of updates to the web site, visit 
http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a 
message to:

site-update-request at bubbanfriends.org

with a message of: 

subscribe




