> Hi gang,
> I have a DSL modem connected to a LinkSys
> hub/router/dhcp_server/firewall unit. All this stuff is built into it
> ( http://www.linksys.com/Products/product.asp?grid=23&prid=20 ).
> My first question is whether the NATing done by the LinkSys unit is
> sufficient to protect a home network.
Yes and no. It depends on how sensitive the information is behind the
NAT (note I said NAT, not firewall. NAT isn't a true firewall but is
usually sufficient for home networks).
> Secondly, if not, where would I place a Linux/BSD box to act as an
> actual firewall (using Netfilter) and what would be the basic config?
> Is this easy to do?
> What I don't get is the authentication part. You see, the LinkSys has
> my domain (the ISP's), my userid, and my passwd configured within it.
> So this is how I make connections. But if I remove it, and put in my
> OpenBSD box, then how does it work?
I can answer both of these questions together. You can do this one of
two ways. 1) You can put a Linux/FreeBSD/OpenBSD box behind the NAT.
Allow the NAT to do its job, but point everything you want NAT'd to the
BSD box; then from the BSD box, you can packet filter AND NAT to
anything behind it. 2) You can set the BSD box as the connection
appliance to the DSL connection. Linux/FreeBSD are perfectly capable of
connecting to PPPoE DSL. Just research it. I don't know if they've
changed FBSD to have NETGRAPH and such in the base kernel; in version
4.2 or so, you had to build a kernel capable of connecting to DSL...
It doesn't really matter though: when you build the IPF/IPNAT firewall,
you would rebuild the kernel anyway. No big deal. As for Linux, I think
most of the major distros have this built in.