[geeks] Firewall *needed* behind home (NAT) router

[Lionel Peterson]

Hello all,

I am re-thinking my home network, and I have a question for the list  do I
need a firewall?

My current home network consists of a Linksys home Cable/DSL Router/Wireless
AP, and all my machines hang off this device attached either directly or via
home switches. IP addresses for all machine are in the192.168.*.* network,
with Mac & WinXP machines getting addresses via DHCP (the servers have static
IPs). I have one DMZ machine, but it is not directly connected to the
Cable/DSL Router (network feed is in the upstairs den, the server is in the
basement).

All my machines are hiding behind NAT, and the only remote access I think I
need is to my DMZ server  though I can see the value in being able to log in
to my network over a VPN.

While I plan to re-wire my network (and get rid of one 10base-2 coax line to
the second floor), and upgrade my wireless APs to 802.11g, I wonder if it is
worth adding a SunScreen firewall to my network. The only place the firewall
makes sense is behind my router, and since nothing can get in (in theory),
what is the point of the firewall?

Does a firewall make sense? I dont see how a firewall adds protection
*behind* a router providing NAT. Advice? Am I missing something?

Thanks in advance,

Lionel