It's a home box. Right now I just flip the power switch on my router when I sit down and maybe a few times while working (when being stormed). If I have to convert the available box over to a dedicated system then I may, but I also may just keep manually rebooting the Netgear. It is an intermittent, but annoying, problem. Though I suppose since my TV died I don't need a box hooked to my TV until I replace it anyway ;)

It's mostly a case of the cobbler's children having no shoes. I would never have allowed a commingled device for my clients, but I don't mind having one for myself. That and routing should not take that much power; after all, high-end embedded ones are designed to run on a PIII 500, and my TV box way outstrips this :)

As for exposing everything on the network, I would only expose one box, the one running the firewall. Everything else would be sitting behind the firewall that currently suffers the reboot-when-flooded problem. Basically, if I cannot find a decent commingled product, it is better to suffer the five days a month I have storm issues than to argue home aesthetics with my wife. Although I was looking forward to being able to run things like snort and squid on the border box, as well as having better logging than what my router currently does. However, again, it's not worth arguing with a pregnant wife that I need to put up another pair of minitowers, one box as a firewall/router and then another right next to it as a proxy server/monitor, and then the router I have now. And then to tell her she can't surf on the main TV anymore would definitely not be worth it.

Please remember, this is my home, not a business; each box is independently firewalled, I encrypt all traffic on my private net, and all but one box would sit behind the current firewall appliances. Again, perhaps I am just an idiot, but I don't see how this is so bad?
I am guessing there are people on this list running wireless networks with WAP and not encrypting traffic between their boxes, so having a border box not running a dedicated distribution does not seem like heresy. Can one of the experts tell me (please) in hard numbers how having a commingled border router that forwards approved traffic to an internal firewall router, which then handles an internal net where all traffic is encrypted and each box has an internal firewall, is so much worse than the average setup on this list? Because I am seriously missing something, as I just don't see how this substantially increases my risk beta.

-----Original Message-----
From: plug-discuss-bounces@lists.plug.phoenix.az.us [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of kitepilot@kitepilot.com
Sent: Tuesday, March 31, 2009 3:59 AM
To: Main PLUG discussion list
Subject: Re: decent non-embeded firewall (my worthless 2 cents)

>> allowing me to keep the box hooked up for its "tv" centric features.

DON'T!!!
A firewall is a firewall and is a firewall.
In my perpetually delusional state of paranoia, I don't allow ANYTHING not indispensable on my firewall. And even though, I look for ways to eradicate...
My firewalls run in LFS with ONLY what is essentially needed for the job.
I even tried once "Debian from Scratch" and could not digest the amount of junk they insisted on putting in.
My mantra: DO NOT USE YOUR FIREWALL FOR ANYTHING ELSE BUT THE FIREWALL.
YMMV
Enrique.
PS: The fact that I am paranoid doesn't mean that they are not after me...
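For readers wanting to see what the design the question describes looks like as a ruleset, here is an added example (not from either poster) of a Linux border box that only forwards approved traffic inward to the internal firewall router, rate-limits new connections from the WAN so a flood is dropped and logged instead of taking the box down, and listens for nothing on its WAN side; interface names, addresses and the approved port list are assumed.

```nftables
#!/usr/sbin/nft -f
# Added example: border box with a WAN side and a LAN side, sitting in front of
# an internal firewall router. Names and addresses below are assumptions.
define wan = eth0
define lan = eth1
define inner_fw = 192.168.1.1          # assumed: the internal firewall router
define approved_tcp = { 443 }          # assumed: the only service published inward

flush ruleset

table inet border {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        # admin access only from the LAN side; nothing listens on the WAN side
        iif $lan tcp dport 22 accept
        icmp type echo-request limit rate 5/second accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert } accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # LAN may go out; WAN may only reach the inner firewall on approved ports
        iif $lan oif $wan accept
        # bound the rate of new inbound connections: a "storm" is logged and dropped
        iif $wan oif $lan ip daddr $inner_fw tcp dport $approved_tcp \
            ct state new limit rate over 20/second burst 40 packets \
            log prefix "border-flood " drop
        iif $wan oif $lan ip daddr $inner_fw tcp dport $approved_tcp ct state new accept
        # everything else is logged (the logging the router lacks) and dropped
        log prefix "border-drop " drop
    }
    chain prerouting {
        type nat hook prerouting priority -100;
        # publish only the approved ports, and only to the inner firewall
        iif $wan tcp dport $approved_tcp dnat ip to $inner_fw
    }
    chain postrouting {
        type nat hook postrouting priority 100;
        oif $wan masquerade
    }
}
```

Load it with `nft -f` and watch the kernel log for the `border-flood` prefix to measure how often the storms actually arrive.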
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss