From owner-freebsd-net  Tue Mar 28 11:26:31 2000
Delivered-To: freebsd-net@freebsd.org
Received: from mail.rdc1.sfba.home.com (ha1.rdc1.sfba.home.com [24.0.0.66])
	by hub.freebsd.org (Postfix) with ESMTP id EB0AC37BD99
	for <freebsd-net@freebsd.org>; Tue, 28 Mar 2000 11:26:28 -0800 (PST)
	(envelope-from boshea@ricochet.net)
Received: from beastie.localdomain ([24.19.158.41])
          by mail.rdc1.sfba.home.com (InterMail v4.01.01.00 201-229-111)
          with ESMTP
          id <20000328192628.FFOO5721.mail.rdc1.sfba.home.com@beastie.localdomain>
          for <freebsd-net@freebsd.org>; Tue, 28 Mar 2000 11:26:28 -0800
Received: (from brian@localhost)
	by beastie.localdomain (8.9.3/8.8.7) id LAA21929
	for freebsd-net@freebsd.org; Tue, 28 Mar 2000 11:35:34 -0800 (PST)
	(envelope-from brian)
Date: Tue, 28 Mar 2000 11:35:34 -0800
From: "Brian O'Shea" <boshea@ricochet.net>
To: freebsd-net@freebsd.org
Subject: Security of NAT "firewall" vs. packet filtering firewall.
Message-ID: <20000328113534.W330@beastie.localdomain>
Mail-Followup-To: freebsd-net@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello,

I have set up a FreeBSD 3.4-STABLE machine as a NAT router for my
home.  The only service that I am running on it is SSH.  Because there
is no external route to any of the machines on my internal network (I
am using one of the RFC1918 network addresses), is there any security
benefit to installing packet filtering rules?  It wouldn't be much
trouble for me to do so, but I'm wondering if it is necessary.

Thanks,
-brian

-- 
Brian O'Shea
boshea@ricochet.net


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message