I have used a LEAF box behind a modem for some time now. I have private addresses between the modem and the LEAF box without any problems at all. I have declared the LEAF box's address as the DMZ in the modem and turned its firewall off and it works well on at least 6 systems I have installed in the local area so far.

Andrew Gray MCSE
Manager
Willowcrest Solutions Pty Ltd

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Hejl
Sent: Tuesday, April 11, 2006 4:40 AM
To: Thomas Wille
Cc: leaf-user@lists.sourceforge.net
Subject: Re: [leaf-user] Leaf Router with AVM Fritz Box?

Hi Thomas,

> When changing my internet connection to DSL, I will get an AVM Fritz Box SL
> from my Internet provider. It has a built-in firewall. Will it be useful to
> run in addition also Shorewall on my Leaf router?
>
> What is your opinion?

I presume you need the AVM for DSL access (if I'm not mistaken, it has a DSL modem built in) and possibly for other things too (like VOIP or so).

Despite it being a bit of overkill, there's nothing wrong with having a LEAF box between your Fritz box and the local net (I've done it that way at my mother's place, where I got a DSL Modem/Firewall/VOIP Gateway from the provider).

In the end, I don't trust AVM, Linksys or D-Link (or any other company that makes boxes like that) to make something that's "safe". With a LEAF box, if somebody breaks into the router the provider gave me, they still have to get past the LEAF box to get to the local net. There's nothing wrong with several layers of security, especially when talking about DSL (the bandwidth is not high enough that the extra router in between might matter all that much. If you want to do lots of online gaming, you might want to keep the LEAF box out of the loop though, to avoid the extra hop).

The one thing you need to be aware of is that those AVM/D-Link/Linksys boxes tend to use private IPs on their internal net (which would be connected to the external interface of the LEAF box), so you need to change the Shorewall config accordingly (if I remember correctly, Shorewall doesn't like private addresses on what it considers to be the external interface).

I hope that helps.

Martin

------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
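
Martin's caveat about private addresses on the external interface, as an added example that is not part of the thread or of the LEAF or Shorewall projects: a shell check that flags the conflict before the firewall is started. It assumes the setting he means is Shorewall's `norfc1918` interface option; the interfaces file contents, interface names and addresses are constructed samples.

```shell
#!/bin/sh
# Added example: find Shorewall interfaces that set norfc1918 although the
# interface's own address is private (LEAF box behind a NAT modem/router).

# is_rfc1918 ADDR: true for 10/8, 172.16/12 and 192.168/16
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*) o=${1#172.}; o=${o%%.*}
               [ "$o" -ge 16 ] 2>/dev/null && [ "$o" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# has_option LIST NAME: true if NAME is in the comma-separated LIST
has_option() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# sample_interfaces: constructed /etc/shorewall/interfaces content (assumption)
sample_interfaces() {
cat <<'EOF'
#ZONE  INTERFACE  BROADCAST  OPTIONS
net    eth0       detect     dhcp,routefilter,norfc1918
loc    eth1       detect     dhcp
EOF
}

# check_interfaces FILE IFACE ADDR
# Prints a line for each conflict on IFACE; returns 1 if one was found.
check_interfaces() {
    file=$1; iface=$2; addr=$3; rc=0
    while read -r zone name bcast opts rest; do
        case "$zone" in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ "$name" = "$iface" ] || continue
        if is_rfc1918 "$addr" && has_option "$opts" norfc1918; then
            echo "CONFLICT: $name has private address $addr but sets norfc1918"
            rc=1
        fi
    done < "$file"
    return "$rc"
}

# Demo: external interface eth0 holds a constructed private address
tmp=$(mktemp)
sample_interfaces > "$tmp"
check_interfaces "$tmp" eth0 192.168.178.2 || true
rm -f "$tmp"
```

Under that assumption, a reported conflict means the `norfc1918` entry on the external interface is the part of the Shorewall config that has to change.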