Firewall placement?

From: Darren Breidigan 
------------------------------------------------------
Is there a preference or best practice for firewall placement for a SOHO?

modem->firewall->router->server
or
modem->router->firewall->server

Does it matter whether there is a  router/firewall or a embedded 
[Rasp/Pi] setup?

Just an experiment for a local shop that still does almost everything by 
hand.

Darren

=============================================================== From: Aaron welch ------------------------------------------------------ Most scenarios have the router and firewall as the same device. -AW

=============================================================== From: Christopher Rimondi ------------------------------------------------------ If you will rely on this firewall to view logs then place it somewhere it can see the internal IP addresses, i.e. that it just won't see a NAT'd IP.

=============================================================== From: Dave Brockman ------------------------------------------------------ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Come again, slowly this time? Where would you put your firewall where it would not see internal IP addresses in a SOHO environment? Since SOHO firewall or router really both mean NAT device? It really depends on your topology and what you want to accomplish. If you have Cable Internet, then you will have a router (SMC gateway) and then a firewall. If you are on EPB, you can WAN straight into your firewall. I prefer a proper border router in front of my firewall, but that requires someone asking EPB for a routed circuit for their statics. No such option with Comcast, you just get to deal with their bridge, you don't have a single choke point if you have more than 1 static. Regards, dtb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEbBAEBAgAGBQJSKMbMAAoJEMP+wtEOVbcdHuIH93qh2gfU0ghNmvRZHgRi7g53 ybj5kd5R20s/83no5F7VW17Rv++fsVurZ2fv4vo9Dx/Vn04xPFCbx/N/sRdQ0lfz 04DNm1Rbd8jWndTUd4UcFWCaPZWPlVKr8UTUpzZZZg11hEVJx1wzefAcIB+s7Vfh sJtyloBGd3H8gOLgZushweFmo3gkjAjXgtdikdWwSNvDmk0qX/QEUPrnlN7nA2Yt ZswwWomhymy3ky3+cjInCY9i1+aVPl6amD4VryrJ5iSxX1LNKWBIvgQt3rP+4ngo ASU+nFhCEnf2oRenl4X6rg3cx0Gso1l7DSRGsIsgcznv+FNS4MOlS0CHcA18sg== =jbjp -----END PGP SIGNATURE-----

=============================================================== From: Ed King ------------------------------------------------------ I prefer my firewall between the passengers and the engine ;)=0A=0A=0A=0A= =0A

=============================================================== From: Chad Smith ------------------------------------------------------ Leiningen puts his firewall between himself and the ants. *- Chad W. Smith*