Home Networking
David Mandala
plug-discuss@lists.PLUG.phoenix.az.us
Fri, 11 Jan 2002 14:43:02 -0700
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C19AE8.F224E940
Content-Type: text/plain;
charset="iso-8859-1"
Works ok as long as you don't have any MS boxen exposed to the net in this
fashion. You are only 1 step away from NAT at this point and much more
secure with the addition of NAT.
> -----Original Message-----
> From: Lisa Winkler [mailto:lmw@po.cwru.edu]
> Sent: Friday, January 11, 2002 1:54 PM
> To: plug-discuss@lists.PLUG.phoenix.az.us
> Subject: Re: Home Networking
>
>
> I am probably going to get flamed by the more security-minded
> people in the group, but....
>
> I wanted real-world IPs. I didn't want the hassle of IP
> Masquerading. So, instead of a firewall I have an old P-60
> with 2 NICs set up as a bridge, with IP Filter running on
> them. Cable modem comes in NIC 1, IP Filter drops any
> packets I don't want on my network, and the rest go back out
> through NIC 2 to my hub and on to my other 2 boxes. The
> "firewall" box is headless; I have a 3rd NIC that I use to
> administer it, but I can only get into it from within my
> network since it has a private IP. Because there is no way
> of reaching it from the outside world (short of breaking into
> one of the other boxes on my network I suppose) I don't worry
> too much about it being hacked.
>
> IMO this was a much easier setup than NAT, and less worrisome.
>
> Lisa
>
> On Fri, 11 Jan 2002, Technomage wrote:
>
> > I did that here without a problem....
> >
> > I use 2 nics in the box and it handles NAT/port forwarding without
> > much fanfare (in fact, I am seding this message from a box
> behind the
> > linux router/firewall).
> >
> > Technomage
> >
> > "Bruner, Andrew" wrote:
> > >
> > > I'm getting Cox@home and plan on using a Linux box as a
> firewall. Do I need
> > > to also configure it as a router? Should I just go out
> and buy a router? Do
> > > I need a router at all? I have an 8 port hub that I was
> planning on using in
> > > conjunction with the Linux box as a firewall. Will that work?
> > > Thanks for any comments.
> > > -Andrew
> > > ________________________________________________
> > > See http://PLUG.phoenix.az.us/navigator-mail.shtml if
> your mail doesn't post to the list quickly and you use
> Netscape to write mail.
> > >
> > > PLUG-discuss mailing list -
> PLUG-discuss@lists.PLUG.phoenix.az.us
> > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> >
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your
> mail doesn't post to the list quickly and you use Netscape to
> write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
------_=_NextPart_001_01C19AE8.F224E940
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2653.12">
<TITLE>RE: Home Networking</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=3D2>Works ok as long as you don't have any MS boxen =
exposed to the net in this fashion. You are only 1 step away from NAT =
at this point and much more secure with the addition of NAT.</FONT></P>
<P><FONT SIZE=3D2>> -----Original Message-----</FONT>
<BR><FONT SIZE=3D2>> From: Lisa Winkler [<A =
HREF=3D"mailto:lmw@po.cwru.edu">mailto:lmw@po.cwru.edu</A>]</FONT>
<BR><FONT SIZE=3D2>> Sent: Friday, January 11, 2002 1:54 PM</FONT>
<BR><FONT SIZE=3D2>> To: =
plug-discuss@lists.PLUG.phoenix.az.us</FONT>
<BR><FONT SIZE=3D2>> Subject: Re: Home Networking</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> I am probably going to get flamed by the more =
security-minded </FONT>
<BR><FONT SIZE=3D2>> people in the group, but....</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> I wanted real-world IPs. I didn't want =
the hassle of IP </FONT>
<BR><FONT SIZE=3D2>> Masquerading. So, instead of a firewall I =
have an old P-60 </FONT>
<BR><FONT SIZE=3D2>> with 2 NICs set up as a bridge, with IP Filter =
running on </FONT>
<BR><FONT SIZE=3D2>> them. Cable modem comes in NIC 1, IP =
Filter drops any </FONT>
<BR><FONT SIZE=3D2>> packets I don't want on my network, and the =
rest go back out </FONT>
<BR><FONT SIZE=3D2>> through NIC 2 to my hub and on to my other 2 =
boxes. The </FONT>
<BR><FONT SIZE=3D2>> "firewall" box is headless; I have a =
3rd NIC that I use to </FONT>
<BR><FONT SIZE=3D2>> administer it, but I can only get into it from =
within my </FONT>
<BR><FONT SIZE=3D2>> network since it has a private IP. =
Because there is no way </FONT>
<BR><FONT SIZE=3D2>> of reaching it from the outside world (short of =
breaking into </FONT>
<BR><FONT SIZE=3D2>> one of the other boxes on my network I suppose) =
I don't worry </FONT>
<BR><FONT SIZE=3D2>> too much about it being hacked. </FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> IMO this was a much easier setup than NAT, and =
less worrisome.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Lisa</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> On Fri, 11 Jan 2002, Technomage wrote:</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> > I did that here without a =
problem....</FONT>
<BR><FONT SIZE=3D2>> > </FONT>
<BR><FONT SIZE=3D2>> > I use 2 nics in the box and it handles =
NAT/port forwarding without </FONT>
<BR><FONT SIZE=3D2>> > much fanfare (in fact, I am seding this =
message from a box </FONT>
<BR><FONT SIZE=3D2>> behind the</FONT>
<BR><FONT SIZE=3D2>> > linux router/firewall).</FONT>
<BR><FONT SIZE=3D2>> > </FONT>
<BR><FONT SIZE=3D2>> > Technomage</FONT>
<BR><FONT SIZE=3D2>> > </FONT>
<BR><FONT SIZE=3D2>> > "Bruner, Andrew" wrote:</FONT>
<BR><FONT SIZE=3D2>> > > </FONT>
<BR><FONT SIZE=3D2>> > > I'm getting Cox@home and plan on =
using a Linux box as a </FONT>
<BR><FONT SIZE=3D2>> firewall. Do I need</FONT>
<BR><FONT SIZE=3D2>> > > to also configure it as a router? =
Should I just go out </FONT>
<BR><FONT SIZE=3D2>> and buy a router? Do</FONT>
<BR><FONT SIZE=3D2>> > > I need a router at all? I have an 8 =
port hub that I was </FONT>
<BR><FONT SIZE=3D2>> planning on using in</FONT>
<BR><FONT SIZE=3D2>> > > conjunction with the Linux box as a =
firewall. Will that work?</FONT>
<BR><FONT SIZE=3D2>> > > Thanks for any comments.</FONT>
<BR><FONT SIZE=3D2>> > > -Andrew</FONT>
<BR><FONT SIZE=3D2>> > > =
________________________________________________</FONT>
<BR><FONT SIZE=3D2>> > > See <A =
HREF=3D"http://PLUG.phoenix.az.us/navigator-mail.shtml" =
TARGET=3D"_blank">http://PLUG.phoenix.az.us/navigator-mail.shtml</A> if =
</FONT>
<BR><FONT SIZE=3D2>> your mail doesn't post to the list quickly and =
you use </FONT>
<BR><FONT SIZE=3D2>> Netscape to write mail.</FONT>
<BR><FONT SIZE=3D2>> > > </FONT>
<BR><FONT SIZE=3D2>> > > PLUG-discuss mailing list =
- </FONT>
<BR><FONT SIZE=3D2>> PLUG-discuss@lists.PLUG.phoenix.az.us</FONT>
<BR><FONT SIZE=3D2>> > > <A =
HREF=3D"http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss" =
TARGET=3D"_blank">http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-=
discuss</A></FONT>
<BR><FONT SIZE=3D2>> > </FONT>
<BR><FONT SIZE=3D2>> > </FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> =
________________________________________________</FONT>
<BR><FONT SIZE=3D2>> See <A =
HREF=3D"http://PLUG.phoenix.az.us/navigator-mail.shtml" =
TARGET=3D"_blank">http://PLUG.phoenix.az.us/navigator-mail.shtml</A> if =
your </FONT>
<BR><FONT SIZE=3D2>> mail doesn't post to the list quickly and you =
use Netscape to </FONT>
<BR><FONT SIZE=3D2>> write mail.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> PLUG-discuss mailing list - =
PLUG-discuss@lists.PLUG.phoenix.az.us</FONT>
<BR><FONT SIZE=3D2>> <A =
HREF=3D"http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss" =
TARGET=3D"_blank">http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-=
discuss</A></FONT>
<BR><FONT SIZE=3D2>> </FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C19AE8.F224E940--