Date: Tue, 28 Mar 2000 14:40:29 -0500 (EST) From: Kelly Yancey <kbyanc@posi.net> To: "Brian O'Shea" <boshea@ricochet.net> Cc: freebsd-net@FreeBSD.ORG Subject: Re: Security of NAT "firewall" vs. packet filtering firewall. Message-ID: <Pine.BSF.4.05.10003281436440.3162-100000@kronos.networkrichmond.com> In-Reply-To: <20000328113534.W330@beastie.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 28 Mar 2000, Brian O'Shea wrote: > Hello, > > I have set up a FreeBSD 3.4-STABLE machine as a NAT router for my > home. The only service that I am running on it is SSH. Because there > is no external route to any of the machines on my internal network (I > am using one of the RFC1918 network addresses), is there any security > benefit to installing packet filtering rules? It wouldn't be much > trouble for me to do so, but I'm wondering if it is necessary. > NAT will effectively protect the boxes on your network. It's the router you need to worry about (since it is the only box on the public Internet). You say you are only running SSH on it, so it sounds like you have locked that box down but good. Depending on how paranoid you are, you might still want to put packet filter rules just for protecting your router. Kelly -- Kelly Yancey - kbyanc@posi.net - Richmond, VA Analyst / E-business Development, Bell Industries http://www.bellind.com/ Maintainer, BSD Driver Database http://www.posi.net/freebsd/drivers/ Coordinator, Team FreeBSD http://www.posi.net/freebsd/Team-FreeBSD/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.10003281436440.3162-100000>