Better network setup, security-wise

I have another question

I am reconfiguring my network, so as to make the internet connection I have at home available to all machines without a single point of failure. The current setup is:

Internet --> adsl router --> FW machine --> local network

The FW machine also works as an ad hoc machine, including as a game machine. This setup forces the FW machine to be up all the time. But the reason I chose this setup is that I trust the Linux firewall much, much more than the typical firewalls you find on any router. For example, I can see in my FW logs that even though the ADSL router's firewall is turned on, lots of requests from internet scanners reach the firewall machine, which they really should not.

Additionally, the second network interface on the FW machine runs some services I need at home, such as samba. I don't want any internet scanners to find and access these services, because I don't want to spend time adding a lot of extra security to these services.

So my question is, are router firewalls safe to use? I assume that the firewalls would need some reconfiguring from the factory/ISP default to make them safer, but would that be safe enough?

I realise that it is difficult to answer that question and that it depends on the level of the default ISP configuration. But my suspicion is that generally router firewalls are of mediocre quality and easy to bypass in contrast to the Linux firewall. Actually, more generally, that any commercial security product is at best of mediocre quality. Tests I have read about indicated that.
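
An added example, not part of the original post: one way to quantify the log observation above is to count which destination ports are hit on the FW machine's router-facing interface and which sources probe the Samba ports. It assumes the firewall logs through the netfilter LOG target, that `eth0` faces the ADSL router and `eth1` the LAN; the log lines and addresses are constructed.

```python
import re
from collections import Counter

WAN_IF = "eth0"  # assumption: the FW machine's interface facing the ADSL router
# Ports Samba listens on: NetBIOS name/datagram (UDP), NetBIOS session and SMB (TCP)
SAMBA_PORTS = {("UDP", 137), ("UDP", 138), ("TCP", 139), ("TCP", 445)}

# Constructed sample in the netfilter LOG target's format; all addresses are made up.
SAMPLE_LOG = """\
Mar  3 10:01:12 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.2 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=445 SYN
Mar  3 10:01:15 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.2 LEN=60 TTL=49 PROTO=TCP SPT=51820 DPT=23 SYN
Mar  3 10:01:19 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.2 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=445 SYN
Mar  3 10:02:40 fw kernel: IN=eth0 OUT= SRC=203.0.113.44 DST=192.168.1.2 LEN=78 TTL=47 PROTO=UDP SPT=137 DPT=137 LEN=58
Mar  3 10:03:02 fw kernel: IN=eth1 OUT= SRC=192.168.0.20 DST=192.168.0.1 LEN=60 TTL=64 PROTO=TCP SPT=49200 DPT=445 SYN
Mar  3 10:03:30 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.2 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0
Mar  3 10:05:00 fw sshd[812]: Server listening on 0.0.0.0 port 22.
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)


def parse_line(line):
    """Return the KEY=value fields of one netfilter LOG line, or None."""
    fields = dict(FIELD.findall(line))
    if "IN" not in fields or "SRC" not in fields:
        return None  # not a packet log line
    return fields


def summarize(log_text, wan_if=WAN_IF):
    """Count WAN-side hits per (proto, port) and collect sources probing Samba."""
    per_port = Counter()
    samba_sources = set()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f["IN"] != wan_if or "DPT" not in f:
            continue  # other daemon, LAN-side traffic, or portless packet (ICMP)
        key = (f.get("PROTO", "?"), int(f["DPT"]))
        per_port[key] += 1
        if key in SAMBA_PORTS:
            samba_sources.add(f["SRC"])
    return per_port, samba_sources


if __name__ == "__main__":
    ports, sources = summarize(SAMPLE_LOG)
    for (proto, port), hits in ports.most_common():
        print(f"{proto}/{port}: {hits} hit(s) on {WAN_IF}")
    print("Sources probing Samba ports:", sorted(sources))
```

Any Samba port showing up in the WAN-side counts means the router's filter is passing that traffic, so the FW machine's own rules are the only thing keeping the service unreachable from the internet.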

