[geeks] Firewall *needed* behind home (NAT) router

Phil Brutsche phil at tux.obix.com
Tue Feb 8 13:34:29 CST 2005


Lionel Peterson wrote:
> My current home network consists of a Linksys "home" Cable/DSL Router/Wireless
> AP

[...]

> Does a firewall make sense? I don't see how a firewall adds protection
> *behind* a router providing NAT. Advice? Am I missing something?

You're making your situation *way* more complex than it needs to be.

My advice would be to dump the Linksys in the garbage, and stay away
from similar devices (i.e. DLink, Netgear, Belkin, etc.) and get a *real*
firewall.

I would also invest in a good "enterprise"-class firewall - a Cisco PIX
501, for example.  Expensive?  Yes.  But replacing dead hard drives gets
expensive too, as does the power bill when you're running a full
computer just for your firewall.

Good alternatives are SunScreen Lite and m0n0wall
(http://www.m0n0.ch/wall) if you aren't opposed to going the PC route.

But then, you'll need wireless abilities... and I suppose the Linksys
can be kept around for that ;)  Some people are paranoid about the lack
of security in 802.11a/b/g, and I'm no exception - the Linksys' LAN
switch would be plugged into a (the?) DMZ port on your firewall.

-- 

Phil Brutsche
phil at tux.obix.com


