On Fri, 05 Mar 2004 12:29, Yuri de Groot wrote:
> On Fri, 05 Mar 2004 12:00, you wrote:
> > Thanks all, some good info there.
> >
> > In this day and age I know it is a 'really good idea'(tm) to run some
> > kind of separate firewall box... But for years now I've been running open
> > behind an ethernet adsl router. At first I thought my system was
> > invincible (coz it's linux, right? ;) ) but later realised it was because
> > of NAT.
> >
> > So my question is, exactly how bad would it be if I connect the cable
> > modem directly into my linux box? of course with some pretty aggressive
> > iptable settings (or something)
> >
> > or should I start scrounging for parts now ;)
> >
> > Nic.
>
> The TelstraClear cable modems do not do NAT.

We may not be talking about the same modems here, but the one I was issued
with by Telstra/Clear/Paradise has a built-in dhcp server. It allocates up to
32 addresses if it's enabled - T/C/P don't by default. So doesn't that mean
that NAT is available if you want it? I'd appreciate somebody clearing up my
misunderstanding if indeed I have one.

> You can either buy a router that does NAT - effectively a hardware
> firewall, or you can put IPCop on an older or low-spec PC that you've
> scrounged from parts, or plug it straight into your always patched,
> iptabled linux workstation (better than plugging into windows box but not
> as good as a separate firewall).

I use a 25MHz '486 ( !!! ) from IBM to host an IPCop. The installer tech. had
never seen a firewall before! :-) It can saturate my 30 kbyte / sec Cable
Connection, which I can wholeheartedly recommend. Like many other things we
love and care about, 'It just works'. My experience has been that IPCop +
Telstra / Clear / Paradise are an ideal combination for 'Net access.

--
Sincerely etc.
Christopher Sawtell

NB. This PC runs Linux. If you find a virus apparently from me, it has forged
the e-mail headers on someone else's machine. Please do not notify me when
this occurs. Thanks.
