[Techtalk] Good firewall configuration tool for debian

Devdas Bhagat devdas at dvb.homelinux.org
Fri Apr 9 23:08:26 EST 2004


On 09/04/04 10:18 -0700, Carla Schroder wrote:
> On Thursday 08 April 2004 5:55 pm, Kathryn Andersen wrote:
> > If/When I move to ADSL... I notice in the listings of ADSL modems, one
> > could get a plain modem, or one could get a router which has all sorts
> > of built in stuff including NAT and a firewall.  Is it better to just
> > set up all that stuff on one's own box, or to use a router?  All I know
> > about NAT is that some people think it's evil...
> > 
> 
> NAT is lovely, not evil. You have only one exposed public IP address, the
NAT is evil. It breaks the peer-to-peer nature of the Internet.

> rest are non-routable IPs nicely tucked away behind your NAT 
> router/firewall. If you have to pay for routable IPs, this saves you
Paying for routable IP addresses? There is plenty of IPv4 address space
to go around still. Ask your ISP to carry IPv6 instead.

> money. Let's say you want to run some public services, even if it's only
> for your personal use, like your own mail server, or a little Web server.
VoIP?

> Most ISPs will charge extra for a static IP, and if you want more than
> one, you'll be charged more. With NAT, you only have to pay for one,
Get a better ISP. Seriously, a clued ISP is worth money.

> then run as many servers behind it as you want to. This also gives you
> flexibility in your LAN, you can muck about and change IPs all you want
> to, or mess with DHCP, or do anything you want.
> 
> On a typical consumer DSL account, where you have a dynamically assigned IP, 
> NAT works just fine. Those lil ADSL modems, like the Linksys Etherfast 
Until you need to run the same service on different hosts. Or until you
need to use VoIP. Or use any good p2p technology.
<snip>
> Of course the trick with running public services on a dynamic IP is you
> need a third-party DNS service, like http://www.dyndns.org/, which lets
> you run public servers on a dynamic account. 
ISP TOS?
 
> So you see, there are many options, and NAT is not evil.  :)
Until your ISP decides that consumer grade DSL customers should not run
services and to enforce that by giving you an RFC 1918 IP.

Devdas Bhagat 

