Chained Routers, Part II

It’s Friday!

Although I try to support local businesses, sometimes they just don’t have what I need. I began looking
for a firewall/router this past weekend to begin reconfiguring my home
network for safer computing. But I was unable to find what I was looking for.

What I need is just a router/firewall. I don’t need a switch or hub. Well, actually, if
someone made a 16-port router/firewall/switch maybe I would get one
but, as far as I know, no one does. So all I need is the router/firewall.

Fortunately, Linksys still makes the BEFSR11.
This router has one port, which is all I need because if I wanted to, I
could put my own 16-port switch behind that. This model has been around for
a while and I wish I could have found others that are newer to take a
look at, but it’s all I could find. It should arrive sometime today or Monday.

Once I have that, I’ll chain it off my present firewall/router and put my present local network behind
it. In between this second router and my present one I will move my
test web server. Thus, the web server can be port forwarded from the
first router and the rest of the network can be protected behind the
second router (which will have all ports stealthed. Yes, I know, I’m
talking about two different kinds of ports here, but stay with me).

This still leaves the web server open to attack, but there is nothing I can do about that other than
to run the most secure operating system I can (FreeBSD) with only port
80 open and no other services other than what is needed running.
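
The layout described above can be checked with a small reachability model. This is an added example, not part of the original post; the host names, the desktop's listening ports and the "flat" starting layout (everything behind the first router) are constructed assumptions.

```python
# Added illustration: reachability model for chained NAT routers.
# Host names, listening ports and the "flat" layout are constructed assumptions.

ZONES = ["internet", "dmz", "lan"]   # router i sits between ZONES[i] and ZONES[i+1]
LISTENING = {"attacker": set(), "webserver": {80}, "desktop": {139, 445}}

# Chained layout from the post: web server between the routers, LAN behind the second.
CHAINED = {"attacker": "internet", "webserver": "dmz", "desktop": "lan"}
# Assumed starting point: everything behind the first router only.
FLAT = {"attacker": "internet", "webserver": "dmz", "desktop": "dmz"}

# Inbound port forwards per router (port -> target). The first router forwards
# port 80 to the web server; the second forwards nothing ("all ports stealthed").
FORWARDS = [{80: "webserver"}, {}]


def can_initiate(src, dst, port, hosts, forwards=FORWARDS):
    """Return True if src can open a new connection to dst:port."""
    if src == dst or port not in LISTENING[dst]:
        return False
    s, d = ZONES.index(hosts[src]), ZONES.index(hosts[dst])
    if s >= d:
        return True  # same segment, or outbound through NAT: allowed
    # Inbound: each router crossed needs a forward for this port, pointing at
    # the next router in the chain or, at the last hop, at dst itself.
    for i in range(s, d):
        wanted = dst if i + 1 == d else f"router{i + 1}"
        if forwards[i].get(port) != wanted:
            return False
    return True


def reachable_from(src, hosts, forwards=FORWARDS):
    """Set of (host, port) pairs that src can connect to."""
    return {(dst, p) for dst in hosts for p in LISTENING[dst]
            if can_initiate(src, dst, p, hosts, forwards)}


if __name__ == "__main__":
    for name, layout in (("flat", FLAT), ("chained", CHAINED)):
        for src in layout:
            print(f"{name:8} {src:10} -> {sorted(reachable_from(src, layout))}")
```

In the flat layout a compromised web server can reach the desktop's services directly; in the chained layout the second router leaves it nothing to connect to on the inner network.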

By the way, Fellow Daynoter John Doucette notes that the use of the word “DMZ”,
which I used in my earlier post, does not
necessarily mean all ports are open. In fact, in the pricey Nortel gear he gets to play
work with, it probably means the opposite. He is no doubt correct, but
all I can say is that’s how Gibson Research and Linksys described and
defined the word DMZ. YMMV. Sorry for any confusion I may have caused.

Have a Great Weekend, Everyone – Aloha!
