
Re: basic firewall question



On Sat, Feb 15, 2003 at 03:39:01PM -0500, Roberto Sanchez wrote:
> I am planning on getting DSL in the near future, so I have been considering 
> what to do about a firewall.
> 
> My intended setup is like this:
> 
> www -> DSL modem -> cable/DSL router w/ hardware FW -> small LAN
> 
> However, I would still like to have a firewall on each individual machine.  

Ack.  Why not just go with

Internet <-> DSL bridge[1] <-> i80486 running Debian, 2.4 kernel with
IP connection tracking enabled, with ipmasq package installed <->
small LAN.

This is, in the long run, a simpler, easier to maintain and reasonably
secure solution since you can easily, cheaply update Debian but not
hardware.  "But my Linksys network appliance will let me flash its
BIOS!"  Do you honestly trust something that hasn't had too many
eyeballs on it to be very secure?  I don't expect these to do stateful
firewalling, which Linux will do.  Stateful firewalling allows you to
use things like ICQ, IRC and online games through NAT without serious
problems.

I would make the boxen on the LAN reasonably secure without resorting
to firewalling; it'll only serve as a source of much irritation and
needless complication when you want to set something up for all the
machines to use....


[1] These are not modems.  They are usually ethernet to DSL bridges.

-- 
 .''`.     Baloo <baloo@ursine.dyndns.org>
: :'  :    proud Debian admin and user
`. `'`
  `-  Debian - when you have better things to do than to fix a system
