mdg Posted February 25, 2004 Report Share Posted February 25, 2004 My home network setup right now is like this: Setup 1: Cable modem connected to router (WAN port) LAN port 1(router) goes to Mdk box LAN port 2 goes to XP box Both machines can connect to internet, but I haven't figured out file sharing yet (that's for another post) I'm wondering if it's not better to setup like this: Setup 2: Cable modem connects to Mdk box (eth0) Mdk (eth1) goes to router (WAN port) LAN port 1 (router) goes to XP box My main objectives are internet sharing and file sharing Any advantages of one method over the other? Quote Link to comment Share on other sites More sharing options...
Gowator Posted February 25, 2004 Report Share Posted February 25, 2004 Setup 1 is simpler ! Its more limiting in terms of if you want to host things internally, like a ftp site or web site or perhaps your own mail server.... If your router is also a 100Mbit hub or switch you have no advantages for filesharing etc. in the other way. Setup 2 is more complicated, you will learn more and perhaps decide to use some services you aren't presently using. In other words, setup 2 is gfor fun/learning and your original for a working system :D Quote Link to comment Share on other sites More sharing options...
arthur Posted February 25, 2004 Report Share Posted February 25, 2004 (edited) But I'd point out in setup 1 the computers can connect to the internet separately. (I mean, when one computer is turned off, the other can still surf) setup 2 can't do that. Setup 1 is also less secure since there's no "gateway" computer. It really depends on how you want to use it. Both can do the internet sharing and file sharing, so what else are your criteria? Edited February 25, 2004 by arthur Quote Link to comment Share on other sites More sharing options...
fuzzylizard Posted February 25, 2004 Report Share Posted February 25, 2004 Setup 1 is also less secure since there's no "gateway" computer. It really depends on how you want to use it. Both can do the internet sharing and file sharing, so what else are your criteria? Explain your reasoning behind this please, since the software in the router is acting as a gateway to the internet? As for security, it all depends on the software/hardware built into the router. (I would ensure that if you are using setup 1 then your router also has a firewall component to it). Setup 1 is the one that I use. Also, for security, in a network situation, I would never put a computer that you are going to be using for everyday use directly on the internet. I would always hide it behind a firewall/router piece of hardware somehow -- whether that is a box from linksys or it is a dedicated router/firewall that you put together yourself. As for making it easier to expose things like web servers or ftp servers, all routers have that ability to do port forwarding. This allows you to directly control which ports are open and which services are exposed. In addition, if you go with setup 2, you are going to need to implement some form of firewall on the linux computer. This is going to present a serious roadblock to filesharing. Not that it makes it impossible, it just makes it more difficult. My $0.02 CAD Quote Link to comment Share on other sites More sharing options...
Gowator Posted February 25, 2004 Report Share Posted February 25, 2004 Hmm, port forwarding doesn't always work quite so flexibly as it should. If I remember from a DLINK manual, if setting the firewall options still doesn't allow <> to work then set the computer up as a DMZ. Doing the firewall-setup 2 is as fuzzylizard points out a big step. Personally im actually using solution 2+++++ (its doing wireless and lots of other services too including VPN tunneling (which is expensive on a dedicated router. BUT i did it to learn and its a bg step.... One bad move and you can screw everything up. You get a much finer degree of control in solution 2 BUT it all needs setting up. Quote Link to comment Share on other sites More sharing options...
mdg Posted February 25, 2004 Author Report Share Posted February 25, 2004 Thanks for the input, I think I'll leave it set up the way it was. The router has a firewall built in, so it should be reasonably secure Quote Link to comment Share on other sites More sharing options...
arthur Posted February 26, 2004 Report Share Posted February 26, 2004 fuzzylizard, In setup 2 the XP box is behind the Linux box, which is the gateway and can act as DMZ. But some people, with good reason, won't link the XP box directly to the internet like in setup 1. Although the router may have a good firewall... But in my experience I don't know the details of the router firewall and how to manage it (I'm a control freak) and sometimes bad stuff does get through, to XP i mean. Feel free to correct (and educate) me on the router firewall...just my 2 cents. :D Quote Link to comment Share on other sites More sharing options...
Windependent Posted February 27, 2004 Report Share Posted February 27, 2004 Setup 1 is also less secure since there's no "gateway" computer. It really depends on how you want to use it. Both can do the internet sharing and file sharing, so what else are your criteria? i'm using Setup 1 with a D-Link firewall/router and various Win and MDK machines plugged into the router. the router itself acts as the gateway. i'm going to step out on a limb here, and say that if you just want to keep the outside world on the outside, Setup 1 is the safest way to go for most people. i say this because its pretty easy to improperly set-up a linux box acting as your gateway/firewall, and have your mistake result in a penetrable system. otoh, its very easy for the average guy to buy a plug and play routing appliance and hook it up between his DSL modem and home LAN without making any configuration mistakes, with the end result being a very secure system. just for reference, i went the route (pardon the pun) of the $30 D-link appliance. after setting it up, I pinged and portscanned my IP address from the outside. the little appliance type router worked exceptionally well -- with VPN disabled it refused to respond to any pings or originating packets from the outside world. in contrast, i also tried setting up a dedicated PC running Mandrake MNF acting as my firewall/gateway/proxy server, with the intent of having the MNF firewall and the D-Link firewall in series between the net and my home LAN. i gave up on this idea, as i couldn't get MNF to work properly on its own, not to mention putting it in front of or behind the D-Link router. i ended up giving up on the idea. as others have suggested, if you want to run a linux box as your firewall, its best not to run any X apps on the linux box, and not to allow any users to log onto that box for any reason other than administrative functions. Quote Link to comment Share on other sites More sharing options...
Steve Scrimpshire Posted February 27, 2004 Report Share Posted February 27, 2004 as others have suggested, if you want to run a linux box as your firewall, its best not to run any X apps on the linux box, and not to allow any users to log onto that box for any reason other than administrative functions. Man, y'all make it sound like Linux is this big huge security hole. Quote Link to comment Share on other sites More sharing options...
Windependent Posted March 4, 2004 Report Share Posted March 4, 2004 no, its not like i'm saying that linux is a big gaping security hole... i'll save terms like that for Windows. :P Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.