Is the firewall/router a linux box?
Andrew
At 05:15 PM 9/12/2006, you wrote:
Hey Andrew--
Kelsey beat me to the response to your original question, but I had
this all drafted up, so consider it the same sorta remarks that
Kelsey made, but in different words, just in case it helps.
In any case, don't hesitate to ask further questions or for
elaboration, as needed.
..j
[EMAIL PROTECTED] wrote:
Hello
I am about to put together a home based network that is connected
to a cable modem. My initial thoughts are to connect a router to
the cable modem and then a linux firewall box to the router. I
would then connect a hub or router to the linux firewall. The other
computers would then connect to the router. How does this approach
sound? Would it help make the system more secure than just using a
router as the firewall only?
If you are talking about hardware items you already own, you might start
off by describing them a bit.
In general, a firewall and a router both have to examine every packet
that goes by, so the operation can conveniently be done in one piece of
hardware running the packet-filtering software.
A common home network setup looks like this
                                               \ | /
inet---cable-modem---router/firewall---switch--
                                               / | \
You may even have a commercial product that may be called a firewall
_or_ a router, which combines router, firewall and switch functions.
These things come in little gray or black textbook-size or smaller
packages. You _could_ have 2 separate boxes for router and firewall
functions, but offhand I can't think of a real good reason.
                                             \ | /
inet---cable-modem---router/firewall/switch--
                                             / | \
<Hey Stu or Carl, how about a lesson in ascii art?>
Forgive me if the following is too low-level or too much detail, but...
Anyway, the purpose of the switch is probably understandable: it
provides multiple connectors into which you can connect ethernet cables
to several machines on your internal home network (your private network
address space). You could also see a "hub" instead of a switch, but
these days, switches (which are better) are no more expensive than hubs.
The cable-modem is no doubt also familiar: it provides one ethernet port
providing your network connection to the internet -- and your public
address.
The router's usual purpose is to perform NAT (network address
translation), so that you can have several internal machines served by a
single assigned public address. The NAT operation rewrites the IP
addresses on-the-fly so that traffic is collected from and distributed
to the several internal machines.
The firewall's function is to prevent certain of the network packets
from getting from the outside world input to the inside world output (or
vice versa). Basically, the bad guys aren't allowed to talk to the
vulnerable inside goodies. (There's really a _whole lot_ more to it,
though).
Regards,
..jim
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
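Added example, not part of the original thread: a toy Python model of the NAT and firewall behaviour described in the message above, showing that replies to flows opened from inside are translated back while unsolicited inbound packets are dropped. The class name, the addresses (documentation ranges) and the port numbers are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class NatFirewall:
    """Hypothetical combined router/firewall: one public address, many inside hosts."""
    public_ip: str
    next_port: int = 40000                     # first public port handed out (arbitrary)
    flows: dict = field(default_factory=dict)  # (proto, public_port) -> flow

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside host talks out: rewrite the source to the public address."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        for (p, pub_port), known in self.flows.items():
            if p == proto and known == flow:
                break                          # reuse the existing mapping
        else:
            pub_port = self.next_port          # new flow: allocate a public port
            self.next_port += 1
            self.flows[(proto, pub_port)] = flow
        return (proto, self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Packet from the internet: forward only if it answers a known flow."""
        flow = self.flows.get((proto, dst_port))
        if dst_ip != self.public_ip or flow is None:
            return None                        # drop: nobody inside asked for this
        in_ip, in_port, peer_ip, peer_port = flow
        if (src_ip, src_port) != (peer_ip, peer_port):
            return None                        # drop: mapped port, wrong remote peer
        return (proto, src_ip, src_port, in_ip, in_port)


def demo():
    """Constructed traffic: two inside machines, one server, one stranger."""
    gw = NatFirewall("203.0.113.10")
    a = gw.outbound("tcp", "192.168.1.10", 51000, "198.51.100.7", 443)
    b = gw.outbound("tcp", "192.168.1.11", 51000, "198.51.100.7", 443)
    reply = gw.inbound("tcp", "198.51.100.7", 443, "203.0.113.10", a[2])
    probe = gw.inbound("tcp", "192.0.2.66", 4444, "203.0.113.10", 22)
    spoof = gw.inbound("tcp", "192.0.2.66", 443, "203.0.113.10", b[2])
    return a, b, reply, probe, spoof


if __name__ == "__main__":
    for result in demo():
        print(result)
```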