On Fri, 05 Mar 2004 00:00, you wrote:
> In this day and age I know it is a 'really good idea'(tm) to run some
> kind of separate firewall box... But for years now I've been running open
> behind an ethernet adsl router. At first I thought my system was
> invincible (coz it's linux, right? ;) ) but later realised it was because
> of NAT.
>
> So my question is, exactly how bad would it be if I connect the cable
> modem directly into my linux box? of course with some pretty aggressive
> iptable settings (or something)

I run a separate (Redhat based) linux box as a firewall / NAT router. I've been planning on trying out IPcop for this function now that it has FreeS/WAN ipsec support, which I currently use for VPN access to work, but haven't got a round tuit yet.

You might also like to consider a low cost hardware router similar to the XH1151 from DSE www.dse.co.nz, which has firewall and NAT capability.

RE: your earlier DOCSIS question. I'm pretty sure all the CM and CMTS equipment in Christchurch is DOCSIS compliant (the GE/Motorola surfboard CMs all are). The original CMs installed in Wellington were non-DOCSIS com-21s or similar. That doesn't mean you can provide your own DOCSIS modem to save on the rental YET.
