At 11:50 PM 3/15/2001 -0500, John Murphy wrote:
>Matthew I was wondering if you could answer a question for me. I use Linksys
>Router connected to my Linux box and two other Win machines. I have not used
>a firewall or ipchains, seeing that NAT is built into the router. I see you
>mention a script for sever with NAT, is this something that I should be
>looking into? Or should I be safe enough with the router with the built in
>NAT.
It depends on several things actually John. Look into whether or not the
Linksys you have does packet filtering. The Linksys Cable/DSL routers that
I know of are a good, inexpensive way to set up a NAT environment, and I
have recommended them in the past. I haven't actually used any of them (we
had the extra box at the office to build a firewall), but I have heard good
things about them. IPChains is actually designed to be a packet filter,
and has a particular type of NAT built on top (many ips to one ip, called
masquerading). The question would be, given the Linksys router doing NAT,
do you need a packet filter between the router and your internal
network. That would depend on your security needs. Packet filtering
allows you to disallow certain types of traffic across the wire. For
example, if you have Windows machines behind the Linksys, they will be
broadcasting NetBIOS queries out into the wild.
In short the Linksys is fine for just NAT. If it has packet filtering,
enable the rules and give yourself more security. Otherwise, consider a
firewall application for behind the router. Hope this helps
--
Matthew Micene
Systems Development Manager
Express Search Inc.
www.ExpressSearch.com
