[Chugalug] Firewall placement?

Dave Brockman dave at brockmans.com
Thu Sep 5 18:00:44 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 9/5/2013 11:24 AM, Christopher Rimondi wrote:
> If you will rely on this firewall to view logs then place it
> somewhere it can see the internal IP addresses, i.e. that it just
> won't see a NAT'd IP.

Come again, slowly this time?  Where would you put your firewall where
it would not see internal IP addresses in a SOHO environment?  Since
SOHO firewall or router really both mean NAT device?

It really depends on your topology and what you want to accomplish.
If you have Cable Internet, then you will have a router (SMC gateway)
and then a firewall.  If you are on EPB, you can WAN straight into
your firewall.  I prefer a proper border router in front of my
firewall, but that requires someone asking EPB for a routed circuit
for their statics.
No such option with Comcast, you just get to deal with their bridge,
you don't have a single choke point if you have more than 1 static.

Regards,

dtb



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEbBAEBAgAGBQJSKMbMAAoJEMP+wtEOVbcdHuIH93qh2gfU0ghNmvRZHgRi7g53
ybj5kd5R20s/83no5F7VW17Rv++fsVurZ2fv4vo9Dx/Vn04xPFCbx/N/sRdQ0lfz
04DNm1Rbd8jWndTUd4UcFWCaPZWPlVKr8UTUpzZZZg11hEVJx1wzefAcIB+s7Vfh
sJtyloBGd3H8gOLgZushweFmo3gkjAjXgtdikdWwSNvDmk0qX/QEUPrnlN7nA2Yt
ZswwWomhymy3ky3+cjInCY9i1+aVPl6amD4VryrJ5iSxX1LNKWBIvgQt3rP+4ngo
ASU+nFhCEnf2oRenl4X6rg3cx0Gso1l7DSRGsIsgcznv+FNS4MOlS0CHcA18sg==
=jbjp
-----END PGP SIGNATURE-----


More information about the Chugalug mailing list