Re: [SLE] suse 10 on cable modem at comcast.net
- From: lerninlinux@xxxxxxxxxxx
- Date: Tue, 20 Dec 2005 18:33:31 +0000
-------------- Original message ----------------------
From: "Paul W. Abrahams" <abrahams@xxxxxxx>
> On Monday 19 December 2005 1:31 am, Toshi Esumi wrote:
>
> > The most important aspect of putting a device between your PC and the
> > modem is that the device takes care of NAT(Network Address Translation)
> > from/to a public IP to/from private IPs. In case you hook up the modem
> > directly into your PC, your PC needs to have a public IP address
> > assigned by Comcast, let's say 24.120.10.121, which is accessible from
> > anywhere around the world. That's why you HAVE TO set up Firewall on
> > your machine.
> > On the other hand, if you put a device in-between, the device MUST
> > have two interfaces (could be logical interfaces): one has 24.120.10.121
> > and the other has any private IP address, let's say
> > 192.168.1.1/255.255.255.0. And your PC can have one of IPs in the same
> > subnet, 192.168.1.2-192.168.1.254. It can be assigned via DHCP from the
> > device or assigned statically/manually. This case, everybody outside can
> > try accessing the device using 24.120.10.121 but can't access your PC
> > because of NAT on the device. Of course, if a hacker found a way to
> > break into the device, the hacker can have many ways to attack your PC,
> > like setting up port mapping or whatever. But the chance the hacker or
> > viruses can attack your PC is much less than you hook up the PC to the
> > modem.
> > Needless to say, if you need or decide to add another PC, it would be
> > much easier than installing another NIC into your PC to connect your
> > second PC.
>
> Well said. It explains just why a router is worthwhile even if there's only
> one computer connected to it. They're not expensive, they're very easy to
> install even with little knowledge, and they simplify matters enormously if
> you ever want to hook more than one computer to the Net.
>
> I've often wondered, though, how strong the router firewall is. Routers can
> be configured to allow settings from outside, though I don't think that's the
> default on the typical Linksys or Netgear. It's also a good idea to set the
> password to a non-default value, although I don't know whether that's really
> necessary if outside access is blocked. Anyone know the story on router
> hacks?
>
> Paul
>
> --
> Check the headers for your unsubscription address
> For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
> Also check the archives at http://lists.suse.com
> Please read the FAQs: suse-linux-e-faq@xxxxxxxx
>
>
While I don't know the story on router hacks, I have always gone by more then 1 firewall. First there is the Nat box, then at least a software firewall, on all the machines. I have also set up a dmz to a "test" network with it's own firewall settings, for learning. While you can have firewalls with a similar problem (aka if someone found a flaw in the tcp/ip stack) you are a little safer by having the software run on different hardware.
--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@xxxxxxxx
- Prev by Date: Re: [SLE] Cannot make Intellimouse wheel work in Suse 10
- Next by Date: [SLE] Router hacks?
- Previous by thread: Re: [SLE] suse 10 on cable modem at comcast.net
- Next by thread: [SLE] Ipod 30GB +gtkpod +SUSE 10.0
- Index(es):
Relevant Pages
|
