[Techtalk] Good firewall configuration tool for debian

Carla Schroder carla at bratgrrl.com
Fri Apr 9 10:18:47 EST 2004


On Thursday 08 April 2004 5:55 pm, Kathryn Andersen wrote:
> If/When I move to ADSL... I notice in the listings of ADSL modems, one
> could get a plain modem, or one could get a router which has all sorts
> of built in stuff including NAT and a firewall.  Is it better to just
> set up all that stuff on one's own box, or to use a router?  All I know
> about NAT is that some people think it's evil...
> 

NAT is lovely, not evil. You have only one exposed public IP address; the rest 
are non-routable IPs nicely tucked away behind your NAT router/firewall. If 
you have to pay for routable IPs, this saves you money. Let's say you want to 
run some public services, even if it's only for your personal use, like your 
own mail server, or a little Web server. Most ISPs will charge extra for a 
static IP, and if you want more than one, you'll be charged more. With NAT, 
you only have to pay for one, then run as many servers behind it as you want 
to. This also gives you flexibility in your LAN: you can muck about and 
change IPs all you want to, or mess with DHCP, or do anything you want.

On a typical consumer DSL account, where you have a dynamically assigned IP, 
NAT works just fine. Those lil ADSL modems, like the Linksys Etherfast 
Cable/DSL Router, are fast and easy to set up, and you can still run public 
services if you want to. And you can configure iptables on individual boxes 
to your heart's content. I use the BEFSR41; it's a switch, rather than a dumb 
hub, so my LAN hums along quite speedily. It supports port forwarding, 
logging, selective blocking, DHCP and static IPs, and other good stuff.

Another nice thing about the Linksys-type boxes is they are small, quiet, and 
don't eat up much electricity.

Of course the trick with running public services on a dynamic IP is you need a 
third-party DNS service, like http://www.dyndns.org/, which lets you run 
public servers on a dynamic account. 

So you see, there are many options, and NAT is not evil.  :)

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
this message brought to you
by Libranet 2.8 and Kmail
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


