better network setup security wise
- From: Tom Forsmo <spam@xxxxxxxxxx>
- Date: Sat, 09 Dec 2006 12:36:20 +0100
I have another question
I am reconfiguring my network, so as to make the internet connection I have at home available to all machines without a single point of failure. The current setup is
Internet --> adsl router --> FW machine --> local network
the FW machine also works as a ad hoc machine, including as a game machine. This setup forces the fw machine to be up all the time. But the reason I chose this setup is that I trust the linux firewall much much more than the typical firewalls you find on any router. For example I can see in my FW logs that even though the adsl routers firewall is turned on, lots of requests from internet scanners reach the firewall machine, which they really should not.
Additionally, the second network interface on the FW machine runs some services I need at home, such as samba. I don't want any internet scanners to find and access these services, because I don't want to spend time adding a lot of extra security to these services.
So my question is, are router firewalls safe to use? I assume that the firewalls would need some reconfiguring from the factory/isp default to make them safer, but would that be safe enough?
I realise that it is difficult to answer that question and that it depends on the level of the default isp configuration. But my suspicion is that generally router firewall are of mediocre quality and easy to bypass in contrast to the linux firewall. Actually more generally, that any commercial security product is at best of mediocre quality. Tests I have read about it, indicated that.