Fred,
My experience is with the Netgear RT314, but the Linksys 1/4/8 port Cable
Modem Router/switch perform almost the same function. These routers allow
for port redirection true, but there is one small caveat. If I understand
correctly you want to telnet to several different boxes inside your network
from outside. You can accomplish this, but not directly. These routers only
allow for port forwarding of any single port to any single host, different
ports may go to different host true, but you may only port forward telnet to
a single machine on your internal network. However you could setup that
machine to then telnet to all your other internal hosts. From a security
perspective this would be more secure because you are only directly exposing
a single host to the outside. The filters, although difficult to setup in
some cases, allow for quite robust filtering/logging (Linksys does not
support syslog, Netgear does). The routers are also usually pretty secure
out of the box, although I would recommend adjusting the filters to drop ALL
Source-Routed packets and ALL RFC 1918 addresses that originate from outside
the router. These are the two biggest weaknesses of these little routers,
otherwise they make an excellent first layer of defense, especially when
used with some host based firewall such as Zone Alarm or Black Ice. I use it
for my terminal server and a webserver and it has server me extremely well.
So far I have not seen any security advisories concerning any of these
devices, check www.practicallynetworked.com for more in depth reviews and
performance comparisons of the different models/manufacturers, it is an
excellent site.
PS I have a Cisco 1605R 12.1(5)T and I am using it alongside my Netgear
RT314, so far I have not been able to find a way to "Port Forward" on the
Cisco Device. I am using DHCP to get an address from my Cable Provider and
that works great, but I cannot "Map" a port to an internal address. I would
love for someone to correct me on a way to do this, AFAIK this is one of the
only advantages these little $100-$200 Cable Modem routers have over there
big brother Cisco routers. Otherwise they have less RAM/CPU resources and
are not hardware upgradeable.
Ken Claussen MCSE CCNA CCA
"The Mind is a Terrible thing to Waste!"
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Fred Danson
Sent: Saturday, April 14, 2001 4:24 PM
To: [EMAIL PROTECTED]
Subject: NAT capabilities of small Netgear/Linksys router [7:657]
Hey Group,
I am considering buying a small Netgear/Linksys router so I can link my
computer, terminal server, and power supply to the internet through my cable
modem using NAT (actually it would be considered NAT overload or PAT, but
Netgear and Linksys call it NAT). All of the Netgear/Linksys advertisements
that I have seen are very vague about their NAT capabilities.
My goal is to have the ability to telnet to any of my inside devices from an
outside location. To do this, I would need to setup static PAT tables,
right? Does anyone know if any of these small routers support this?
Thanks in advance,
Fred
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=670&t=657
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
