On Mon, 21 Jun 2004, Jason Dixon wrote: > On Jun 21, 2004, at 10:51 PM, Alejandro Calbazana wrote: > > > I was looking for some recommendations on using a standalone RH > > machine as a > > firewall. Right now, I have an older Linksys router which I use as a > > standalone router for my broadband connection. I was considering > > placing a > > firewall behind my router. Other than being overly paranoid, I'd like > > to do > > this b/c i like the logging capability of iptables and iptables has > > much > > more flexibility as far as rules go. The Linksys router simply routes, > > forwards, and does rudimentary logging. My questions are: > > > > 1. Is the overkill from a home network? > > Not if the Linksys only performs basic NAT/routing. You'd be smart to > add an advanced filtering device. The Linksys' NAT/firewalling can probably be turned off, making it just a router...definitely not overkill, but possibly not necessary. > > 2. Should I just use my linux box as a router AND a firewall and ditch > > the > > Linksys appliance all together? > > If you're going to use the Linux firewall, the Linksys really is > unnecessary. All it adds is an extra layer of > complexity/routing/failure. This really does depend on the nature of the broadband connection, though. What is connected to the other side of the router? Is it a Cable/DSL modem, or is it the actual broadband linke? What I've done with my Netopia Cayman router is turned it into just a router...I turned off the firewalling on that unit, completely, and am letting my FC1/iptables firewall handle all firewall/NAT/Masq duties. > > 3. If there is room for both, how might the router allow traffic to > > flow to > > the machine I designate as my firewall? > > You'd end up with 2 layers of NAT translation. Way unnecessary. Not necessarily true. Again, this depends on the nature of the Linksys router, how its connected, etc. -- Mike Burger http://www.bubbanfriends.org Visit the Dog Pound II BBS telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000 To be notified of updates to the web site, visit http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a message to: site-update-request@xxxxxxxxxxxxxxxxx with a message of: subscribe -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
