
Re: azrues and selinux



Casey Boone <caseyboone@gmail.com> wrote:
> if you have a dlink router in front of your linux box, turn the
> linux firewall off as the dlink will be a good enough firewall
> for your purposes

Er, um, I don't know if I can agree with that statement.  It really
depends what you mean by "firewall."

I like "firewalls" that are at least basic layer-3/4 "security
appliances."  Basic, stateful packet filtering (SPF), Network Address
Translation (NAT) with Port Address Translation (PAT) for Source and
Destination changes (aka SNAT and DNAT), logging and basic Intrusion
Detection Services (IDS).  You don't really get those out of a SOHO
'Ritter.

But yes, to focus just on NAT+PAT, using two NAT+PAT devices -- one
after another, is not ideal.  You should only use 1 NAT+PAT device on
a LAN/WAN per Internet gateway.


-- 
Bryan J. Smith     Professional, Technical Annoyance
b.j.smith@ieee.org      http://thebs413.blogspot.com
----------------------------------------------------
*** Speed doesn't kill, difference in speed does ***
