Router/Firewall Recommendation
Mike Burger
mburger at bubbanfriends.org
Tue Jun 22 11:19:35 UTC 2004
On Mon, 21 Jun 2004, Jason Dixon wrote:
> On Jun 21, 2004, at 10:51 PM, Alejandro Calbazana wrote:
>
> > I was looking for some recommendations on using a standalone RH machine
> > as a firewall. Right now, I have an older Linksys router which I use as a
> > standalone router for my broadband connection. I was considering placing
> > a firewall behind my router. Other than being overly paranoid, I'd like
> > to do this b/c I like the logging capability of iptables and iptables has
> > much more flexibility as far as rules go. The Linksys router simply
> > routes, forwards, and does rudimentary logging. My questions are:
> >
> > 1. Is this overkill for a home network?
>
> Not if the Linksys only performs basic NAT/routing. You'd be smart to
> add an advanced filtering device.
The Linksys' NAT/firewalling can probably be turned off, making it just a
router...definitely not overkill, but possibly not necessary.
> > 2. Should I just use my Linux box as a router AND a firewall and ditch
> > the Linksys appliance altogether?
>
> If you're going to use the Linux firewall, the Linksys really is
> unnecessary. All it adds is an extra layer of
> complexity/routing/failure.
This really does depend on the nature of the broadband connection,
though. What is connected to the other side of the router? Is it a
Cable/DSL modem, or is it the actual broadband link?
What I've done with my Netopia Cayman router is turned it into just a
router...I turned off the firewalling on that unit, completely, and am
letting my FC1/iptables firewall handle all firewall/NAT/Masq duties.
> > 3. If there is room for both, how might the router allow traffic to
> > flow to the machine I designate as my firewall?
>
> You'd end up with 2 layers of NAT translation. Way unnecessary.
Not necessarily true. Again, this depends on the nature of the Linksys
router, how it's connected, etc.
--
Mike Burger
http://www.bubbanfriends.org
Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000
To be notified of updates to the web site, visit
http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a
message to:
site-update-request at bubbanfriends.org
with a message of:
subscribe