Router/Firewall Recommendation

Otto Haliburton ottohaliburton at comcast.net
Tue Jun 22 18:48:24 UTC 2004 


> -----Original Message-----
> From: redhat-list-bounces at redhat.com [mailto:redhat-list-
> bounces at redhat.com] On Behalf Of Nathaniel Hall
> Sent: Tuesday, June 22, 2004 12:53 PM
> To: 'General Red Hat Linux discussion list'
> Subject: RE: Router/Firewall Recommendation
> 
> -----Original Message-----
> >>From: redhat-list-bounces at redhat.com
> [mailto:redhat-list->>bounces at redhat.com] On Behalf Of Alejandro Calbazana
> >>Sent: Monday, June 21, 2004 9:52 PM
> >>To: redhat-list at redhat.com
> >>Subject: Router/Firewall Recommendation
> >>
> >>Hello,
> >>
> >>I was looking for some recommendations on using a standalone RH machine
> as
> >>a firewall.  Right now, I have an older Linksys router which I use as a
> >>standalone router for my broadband connection.  I was considering
> placing
> >>a firewall behind my router.  Other than being overly paranoid, I'd like
> >>to do this b/c i like the logging capability of iptables and iptables
> has
> >>much more flexibility as far as rules go.  The Linksys router simply
> >>routes, forwards, and does rudimentary logging.  My questions are:
> >>
> >>1. Is the overkill from a home network?
> 
> What is wrong with being secure?
> 
> >>2. Should I just use my linux box as a router AND a firewall and ditch
> the
> >>Linksys appliance all together?
> 
> I would use the firewall on the outside and the Linksys on the inside if I
> did both, but I would probably only use the firewall.
> 
> >>3. If there is room for both, how might the router allow traffic to flow
> >>to the machine I designate as my firewall?
> 
> If you use both, the firewall will still route between its interfaces.
> All
> of you machines on the internal side would use the firewall as the default
> gateway and the firewall would use the Linksys as its default gateway.  If
> you want to setup a web or e-mail server, you would have to tell the
> Linksys
> to route certain ports to different machines that host the services and
> make
> the area between the Linksys and the firewall a DMZ.
> 
> >>Thanks,
> >>
> >>Alejandro

Just a thought, IMHO if you use a inksys router with nat then you do have a
firewall, in fact a very effective hardware firewall.  I don't think you can
get better performance and security at the same time.  I would put all my
computers behind the linksys router and forget it.

More information about the redhat-list mailing list