Seems like a waste to me. I tend to replace those routers WITH OpenBSD
boxes. As long as you keep the box updated and your pf rules sane (block
SMB from the outside world, etc.) there is absolutely nothing to be worried
about really.

Kevin Roosdahl wrote:

Scenario:

5 PCs --- 10/100 switch -- OpenBSD -- Broadband router -- Internet

5 Windows XP workstations on a LAN connected to an OpenBSD server running
Samba, DHCP, DNS, SpamAssassin. A 2nd NIC in the OpenBSD box goes to a
broadband internet connection and PF is enabled and configured securely.

Ideally, you want to layer your security services and not run your firewall
and file server on the same box, but in a small budget operation that's not
always feasible.

Would it be preferred to hide the OpenBSD server behind a NAT broadband
router (Linksys, D-Link, etc.) that the client likely already has in place?
Is that extra layer of protection worth the inconvenience?

I'd like to create a simple product for SOHO customers for file storage, DVD
backups, spam/virus filtering, etc. It's obviously going to be more secure
than the same 5 PCs behind the NAT router alone, but should I recommend the
box is behind a NAT router for that extra level of protection or is that
just a false sense of security?

Comments?
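
Added example, not part of either message above: a pf.conf sketch for the two-NIC layout in the scenario, showing what "block SMB from the outside world" looks like when Samba runs on the firewall itself. The interface names em0 and em1 are assumptions, and the rules use current OpenBSD pf syntax (nat-to), which may differ from the release the thread was written against.

```pf
# pf.conf sketch for the layout in the thread (added example).
ext_if = "em0"    # assumption: NIC toward the broadband connection
int_if = "em1"    # assumption: NIC toward the 10/100 switch

smb_ports = "{ 137, 138, 139, 445 }"    # NetBIOS and SMB, TCP and UDP

set block-policy drop
set skip on lo

# Normalize incoming packets.
match in all scrub (no-df)

# Hide the LAN behind the external address.
match out on $ext_if inet from $int_if:network nat-to ($ext_if)

# Default deny, then drop packets that claim a LAN source address
# but arrive on some other interface.
block log all
antispoof quick for $int_if

# Never accept or leak SMB on the external interface. "quick" stops
# any later pass rule from overriding this.
block drop quick on $ext_if proto { tcp, udp } to port $smb_ports

# LAN clients may reach the services on this box and the Internet.
pass in on $int_if inet from $int_if:network

# Traffic leaving either interface; state entries admit the replies.
pass out inet
```

No rule passes unsolicited traffic in on the external interface, so Samba, DNS and the other local services are reachable from the LAN side only; the explicit SMB block keeps that true even if a broader pass rule is added to the external interface later.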