[TriLUG] LAN/WAN interface question

Ryan Leathers ryan.leathers at globalknowledge.com
Mon Feb 16 14:16:47 EST 2004


In my home network I went through 2 Linksys and 1 Netgear router in
about 18 months.  The more complex the filtering and forwarding the less
reliable these things seemed to be.  Maybe I just had bad luck. 
Offloading some of the complexities to a Linux firewall helped a lot,
but in the end my lack of patience was greater than my frugality.  

I finally stepped up and purchased a business class router and it's been
worth every penny.  Stateful inspection, VPN, IDS and DHCP have all been
rock solid as expected.  I still have a Linux firewall behind the router
for "security in depth" but I rarely have to tinker with either now that
the router behaves consistently.

Three cheers for good hardware... and gratz to those of you who've had
better luck with consumer grade routers than I have.


  

On Mon, 2004-02-16 at 13:47, Owen Berry wrote:
> I have a Linksys BEFSR41 and in the past I've set it up to forward SSH
> to my Linux box, and then using shorewall/openssh limited the external
> IPs that can access it. Not sure how different it is with BEFSR11, but
> I don't see why it wouldn't work.
> 
> I would hang on to the appliance if I could - a double line of defence
> makes me feel safer.
> 
> Owen
> 
> On Mon, 2004-02-16 at 11:41, Jeremy Portzer wrote:
> > On Mon, 16 Feb 2004, Mike M wrote:
> > 
> > > I need to open one server on my LAN to an outsider.  My Linksys
> > > router appliance (BEFSR11) doesn't seem to be up to the job.  I think
> > > it's time to upgrade to Linux.  
> > > 
> > > Reqs:
> > > 
> > > * Allow a certain static IP address to ssh to a single server. (This is
> > > the requirement the appliance doesn't seem to support.)
> > 
> > Even though the appliance may not support this option, you can certainly
> > restrict which IP address can connect via ssh with iptables on the local
> > server, and/or with the sshd configuration file.  This single issue isn't
> > really a reason to ditch the appliance IMO, but certainly setting up a
> > Linux firewall/router would be a good exercise.
> > 
> > --Jeremy
> > 
> > -- 
> > /---------------------------------------------------------------------\
> > | Jeremy Portzer        jeremyp at pobox.com      trilug.org/~jeremy     |
> > | GPG Fingerprint: 712D 77C7 AB2D 2130 989F  E135 6F9F F7BC CC1A 7B92 |
> > \---------------------------------------------------------------------/
-- 
Ryan Leathers <ryan.leathers at globalknowledge.com>
Global Knowledge
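
The server-side restriction mentioned in the quoted replies (iptables on the local server and/or the sshd configuration file), as an added example that is not part of the original thread. The address 203.0.113.10 and the user name mike are constructed placeholders, and the helper function names are hypothetical; the script only prints the rules for review and does not apply them.

```sh
#!/bin/sh
# Added example: generate, but do not apply, the two layers of SSH source
# restriction. 203.0.113.10 and "mike" below are constructed sample values.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Layer 1: iptables on the server. Order matters: the ACCEPT for the one
# allowed source must come before the DROP for everyone else on tcp/22.
ssh_allow_rules() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    echo "iptables -A INPUT -p tcp --dport 22 -s $1 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport 22 -j DROP"
}

# Layer 2: sshd_config. AllowUsers with USER@HOST limits logins for that
# user to the given source address, even if the packet filter is flushed.
sshd_allow_line() {
    case "$1" in
        ''|*[!a-z0-9_-]*) echo "invalid user name: $1" >&2; return 1 ;;
    esac
    valid_ipv4 "$2" || { echo "invalid IPv4 address: $2" >&2; return 1; }
    echo "AllowUsers $1@$2"
}

# Demo with the constructed values: print both layers for review.
ssh_allow_rules 203.0.113.10
sshd_allow_line mike 203.0.113.10
```

After review, the iptables lines are run as root on the server and the AllowUsers line goes into sshd_config, followed by a reload of sshd.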