-> I'm going to have cable modem installed in my home private network.
-> Right now, I'm using PPP dialup to serve the rest of the machine at
-> home by IP Masq. I want to know what is the best way (in terms of
-> security) to go for the configuration 'cos I heard that IP Aliasing
-> can be used without installing extra network adapter in the
-> server. On the other side, people have opinion that it would be
-> security problem if do it in single NIC... Please feel free to tell
-> your opinion. Thanks.
-I'm using one NIC to connect to a hub which then has the cable modem
-plugged into it, as well as a printer. The printer I have on a
-192.168.0.* address, which means it won't get routed to the outside
-world. If I were setting up multiple computers, what I would do is
-have a single cheap computer with 1 nic sitting on the real-internet
-ip address, and then ip masq to my personal computers which would be
-on the 192.168.0.* subnet. If you really are paranoid that somebody
-is going to try and break in to your computer I guess you should get
-two nics, and have the firewall machine sit in between your cable
-modem and your local hub.
Actually I don't think it's paranoid to have two NIC's. Consider the following
You get two or more Linux savvy users on a cable modem segment. While it's
true that the 192.168.0.* address are not routed, the router is at the head
of the segment. So with a single NIC 2,3 or more people can have 192.168.0.*
packets floating around, which could possibly start interefering with each
other. And it would be a * to debug too...
I'd stick to the convention that nothing but valid IP's go out the cable modem
because you don't know what's going on with the cable modem segment. Even
if other users are sending private packets on the segment, with a properly
configured masquerading box sitting between the modem and the internal network,
those packets will not affect you...
Spend the $20-$30 to get another NIC and sleep easy.
BTW a question about cable modems: I presume that when the cable goes out due
to storms and whotnot, that the Internet service goes offline too?
Another random extraction from the mental bit stream of...
Byron A. Jeff - PhD student operating in parallel - And Using Linux!