Michael Wittman wrote: > On Mon, May 13, 2002 at 05:08:12PM -0700, Eric Richardson wrote: > >>Is anybody using the filtering, NAT, DHCP with cisco and what features >>for the Linux firewall. Maybe this is better for another thread. >> > > I'm using NAT on my 678. The default NAT settings seem to drop > incoming TCP connection packets, so I haven't even bothered to use > filtering. I assume UDP is dropped as well, based on my (Linux) > firewall logs. I've had to explicitly map some ports on the router to > ports on my Linux box so I could use services like ssh. > > When I was using dialup, I probably had 30 suspicious port access > attempts logged per month on my Linux firewall. With the 678, using > the same Linux firewall rules, I don't think I've seen a single one. I'm really new to this so I'm trying to figure out what is important. Some simple questions would really help me. Do you run the router to eth0-firewall-eth1 to switch or does the topology matter because of the layer of TCP being filtered? On the 678, are you using it as the DHCP for your clients as well and is it in PPP mode? Are you using any fixed IP's behind the router/firewall? I'm sure this isn't too hard but when you don't understand it all it is pretty difficult. I bought the Linux Firewalls book and am working on the a dual homed host for a firewall (2.4 iptables). Now with adding the DSL router in PPP mode I'm not sure what should do what. Does the router get a dynamic IP as well? Anyway, any insight would be much appreciated. Eric