[geeks] Firewall *needed* behind home (NAT) router

Francois Dion francois.dion at gmail.com
Tue Feb 8 13:28:13 CST 2005


On Tue, 8 Feb 2005 18:43:51 +0000, Mike Meredith
<mike at redhairy1.demon.co.uk> wrote:
> On Mon, 7 Feb 2005 23:56:43 +0000, Lionel Peterson wrote:
> > Does a firewall make sense?
> 
> It makes sense (at least to a paranoid firewall administrator like me).
> The question is, is the administrative overhead worth it? Perhaps not
> for a simple home network.

I think Lionel's network doesn't qualify for "simple" :)

Seriously, I would put a firewall as the first line of defense. Besides
the inside and outside NICs, add one for your DMZ as you mentioned.
Then add one more for wireless. Change the Linksys to be an AP and put
it on that NIC. Note that I've posted about this before and DHCP won't
work on the wireless if it's assigned by the firewall. Ideal is to
always buy APs, not wireless routers (having said that, the router
version is always half the price of the AP version, strangely enough).

For firewall, Solaris 10 with ipf is pretty solid, imho.

Francois
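
The four-interface layout described in the message above, sketched as an ipf ruleset. This is an added example, not part of the original post; the interface names (bge0 to bge3), the 192.168.x.0/24 subnets and the DMZ web server address are assumptions chosen for illustration.

```conf
# /etc/ipf/ipf.conf sketch (constructed example)
# Assumed interfaces: bge0 = outside, bge1 = inside,
#                     bge2 = DMZ,     bge3 = wireless (AP plugged in here)
# Assumed subnets:    inside 192.168.1.0/24, DMZ 192.168.2.0/24,
#                     wireless 192.168.3.0/24; DMZ web server 192.168.2.10

# Default: drop and log anything arriving that no later rule allows.
block in log all

# Outside: reject packets claiming an internal source address.
block in quick on bge0 from 192.168.0.0/16 to any

# Outside -> DMZ: only new HTTP connections to the web server.
pass in quick on bge0 proto tcp from any to 192.168.2.10/32 port = 80 flags S keep state

# Inside -> anywhere: stateful, replies are matched by the state table.
pass in quick on bge1 proto tcp from 192.168.1.0/24 to any flags S keep state
pass in quick on bge1 proto udp from 192.168.1.0/24 to any keep state
pass in quick on bge1 proto icmp from 192.168.1.0/24 to any keep state

# DMZ: hosts here may not open connections toward the inside network.
# No pass rule follows, so other DMZ-initiated traffic hits the default block.
block in log quick on bge2 from any to 192.168.1.0/24

# Wireless: treated as untrusted. No access to inside or DMZ,
# outbound access to everything else.
block in log quick on bge3 from any to 192.168.1.0/24
block in log quick on bge3 from any to 192.168.2.0/24
pass in quick on bge3 proto tcp from 192.168.3.0/24 to any flags S keep state
pass in quick on bge3 proto udp from 192.168.3.0/24 to any keep state

# Policy is enforced at ingress on every interface, so egress is open;
# keep state lets replies to firewall-originated traffic back in.
pass out quick proto tcp from any to any flags S keep state
pass out quick proto udp from any to any keep state
pass out quick proto icmp from any to any keep state
pass out all
```

The ruleset can be parsed without loading it into the kernel using `ipf -n -f <file>`.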