Hi Duncan,

On Wednesday 30 June 2010 21:23:39 DSinc wrote:
> Gaffer (Josh),
> My apologies. I somehow forgot that my traffic (queries) go to many
> places around our globe.  It was not until our 1st exchange that I
> realized that you were sharing from a UK TELCO system I do not have.
> Once I figured this out (too late!), I did fail to step back in and
> toss some water on an increasing "camp fire." Sorry.

Not to worry.  I'm equally guilty !  I just didn't realise you were 
talking about two items of equipment until Josh pointed it out.

> Yes, here in the USA, all xdsl is done via a TELCO supplied MODEM.
> AND, it is always (in my experience!) pre-loaded w/firmware to BE my
> Gateway/Router (Firewall/DNS/DHCP/WINS/XYZ?). Like One MODEM=One PC
> attached to the TELCO line. Legally (?) USA TELCOS have spent much
> energy trying to preserve this corporate TOS policy.

Yes, I can see the financial advantage to the telco by doing that.  
Generally there is no objection to running several machines behind the 
router, over here.  About the only time you might get a warning is if 
you are constantly running big data transfers.  That comes under "fair 
use" rules.

> Since joining the LIST, I have learned that I can re-admin these
> MODEMS and make them essentially DUMB DEMOD devices. Essentially,
> transfer the above 'services' to a device I buy and choose to use for
> my home/private LAN.

Yes !  You are quite right !  That is how they should be.  I do see 
another advantage in having a separate device to the router.  It would 
be a lot cheaper to replace if it got damaged.

> If my TELCO suspects that I MIGHT have more than ONE PC attached to
> THEIR MODEM, they can query, and/or, deny me service. I accept this;
> as I have since 1996. Shortly I will leave xDSL. This whole topic
> will then become academic.

It's not easy for the telco to monitor every user for multiple machines, 
but they will monitor traffic and try to charge an additional fee for 
it.

> No harm, no foul!  Now that I fully understand your UK perspective,
> your points provide some things to think more about.
>
> My primary firewall lives at my Router. I chose my Router for the
> on-board SPI. My previous Router did not offer SPI; it was NAT only.

Can you tell me what SPI is ?

> Yes. I do use the internal client WinXP firewalls also.
>
> I thought I had a strong set of Router Inbound Rules set/allowed.
> Perhaps not. I will look deeper into this. (though, I admit, it does
> often put me to sleep!!)

Basically a firewall (part of the router) should deny all incoming 
traffic but should allow all outgoing traffic.

Basically it works like this: your machine makes a request (you typed 
an address into a browser), the firewall knows you made that request 
and lets it out.  When the reply comes back, the firewall knows that it 
is in response to your request and lets the reply in.

You have ultimate control over how the firewall handles all the traffic.

Google "IPtables" or "Netfilter",  that will give you a very good 
insight as to how it all works.

> Perhaps my Router is no longer up to the task. Stuff happens, because
> time marches on.
> I have a new Router delivered and under investigation ATM!
> Best,
> Duncan

I'm often around, except when I'm not...

-- 
Best Regards:
             Derrick.
             Running Open SuSE 11.1 KDE 3.5.10 Desktop.
             Pontefract Linux Users Group.
             plug @ play-net.co.uk
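
The request/reply behaviour described in the message above, as an added example that is not part of the original e-mail: a toy Python model of a firewall that lets outbound traffic out, remembers it, and lets in only matching replies. The LAN prefix, addresses, ports and 60-second idle timeout are assumptions, and direction is judged by source address here, where a real firewall would use the interface the packet arrived on.

```python
# Added illustration: toy stateful filter (default-deny inbound, allow outbound).
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFirewall:
    def __init__(self, lan_prefix="192.168.1.", idle_timeout=60.0):
        self.lan_prefix = lan_prefix      # assumed home LAN range
        self.idle_timeout = idle_timeout  # assumed idle expiry, in seconds
        self.flows = {}                   # outbound flow -> time last seen

    def check(self, pkt, now):
        # Forget flows that have been idle too long.
        self.flows = {f: t for f, t in self.flows.items()
                      if now - t <= self.idle_timeout}
        if pkt.src.startswith(self.lan_prefix):
            self.flows[pkt] = now         # outbound: let it out and remember it
            return "ACCEPT"
        # Inbound: accept only if it mirrors a remembered outbound flow.
        mirror = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if mirror in self.flows:
            self.flows[mirror] = now
            return "ACCEPT"
        return "DROP"                     # unsolicited inbound traffic

def demo():
    fw = StatefulFirewall()
    pc, web, stranger = "192.168.1.20", "203.0.113.10", "198.51.100.7"  # constructed
    packets = [
        (0, Packet("tcp", pc, 40000, web, 80)),       # browser request
        (1, Packet("tcp", web, 80, pc, 40000)),       # reply to that request
        (2, Packet("tcp", stranger, 80, pc, 40000)),  # unsolicited host
        (3, Packet("tcp", web, 8080, pc, 40000)),     # right host, wrong port
        (90, Packet("tcp", web, 80, pc, 40000)),      # late: flow has expired
    ]
    return [fw.check(p, now) for now, p in packets]

if __name__ == "__main__":
    print(demo())
```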
