Internal router on home network - advantages?
Results 1 to 9 of 9

Thread: Internal router on home network - advantages?

  1. #1
    Member
    Join Date
    Nov 2003
    Posts
    48

    Internal router on home network - advantages?

    Spurious_Inode wrote about this in another post and it got me thinking.

    Currently, my home network has 1 Linux box and 4 Windows machines on it.

    I have DSL, a 2-wire Homeportal, with the latest firewall update - it isn't heavy duty by any stretch, but a nice addition.

    Past that is a standard HUB.

    In watching all network traffic, I rarely see anything strange - the occasional ping sweep, but that's about it.

    Is there an advantage in this situation to having an internal router?

    i.e.

    DSL modem > router > network.

    I ask because I can see added security advantages, but I am not confident those extra measures are needed given what I have seen on my simple home network.

    Are there other advantages that I am missing to this setup? I would love to hear them - I am all for expanding the capabilities I have now.

    Thanks in advance.

    .: Aftiel

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    I think if you can connect more than one computer on a DSL modem, it must also be acting as a router, unless you have bought 5 addresses from you ISP.

    Or wait, what is a homeportal? Is this your router? Sorry, never heard of one before.

    If it is, then I can't really see any added benefit from putting a second router in there for such a small network.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  3. #3
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    I have DSL service, and I have a router on the inside.

    DSL Modem-->Router-->Home PC's

    My router is a Linksys BEFSX 41 which allows me to connect up to 4 PC's to the DSL. The router also provides a firewall, and Stateful Packet Inspection as well as NAT.

    The advantages to this is not much, unless you like the extra security.
    =

  4. #4
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    http://www.twckc.com/help/modemsupport/2wire.html Is that the homeportal we are talking about ?
    Remember most routers have (NAT) Network Address Translation - A program or piece of hardware that converts the IP address from a private address to a public address real time. This allows multiple users to share a single public IP address. It also prevents access to these users from the outside without special configurations. NAT is used in home networks and corporations to allow multiple PCs to access the internet via T-1, ADSL, SDSL or Cable Modem.
    If it doesnt have NAT I would say the router worthless(opinion) in a attack.


    Just because cheyenne posted his. Ill continue this trend :lol:
    World Wide WEB(1.5mbs) --> SmoothWall --> CPU's

  5. #5
    Member
    Join Date
    Nov 2003
    Posts
    48
    Here is the link to the exact DSL Modem I am using:

    http://www.2wire.com/home/hp_index.html

    Since it appears a couple of you ARE using routers behind a DSL Modem:

    1. Do you turn the firewall OFF in your DSL Modem and use the router for that?

    2. Do you set up two internal networks (i.e. 192.16.1. and 172.16.1 for instance,) or do you just DHCP from the DSL and let it assign all addresses?

    Thanks much for the replies.

    .: Aftiel

  6. #6
    Member
    Join Date
    Nov 2003
    Posts
    48
    If interested, a good read here http://www.2wire.com/support/pdf/tolly_firwl.pdf that compares the Homeportal firewall to Linksys and Sonicwall.

    .: Aftiel

  7. #7
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    I have it set up so that the modem simply worries about connecting to my ISP. No firewall, no NAT, and no routing. The modem then links directly to the WAN port on my DSL router, on which there is a simple packet filtering firewall. Since I run a small network, I employ host-based firewalls for the most part.

    IP addressing is done via DHCP from the router, which also performs NAT operations as well. So basically the modem is a dumb device that does nothing but modulate the signal to a phone line and vice versa. The router does everything. But I do this because my modem neither routes nor filters. I assume you are using the HomePortal 1000 which is both a modem and a router.

    In that case, I cannot see the advantage of having an internal router for such a small network, unless you are running a firewall, snort box, webserver, or something like that between them that would require a demilitarized zone. Barring that, two routers would seem to me to be excessive when one will work.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  8. #8
    Member
    Join Date
    Nov 2003
    Posts
    48
    Thanks Striek - I was thinking the same thing. It seemed a bit of overkill, but I asked in case I was missing some obvious advantages.

    I am using the Homeportal 1000, which does NAT and stateful packet inspection and is a router. So appears to be no real advantage to running another router behind it.

    .: Aftiel

  9. #9
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    Hi Aftiel,

    If you are running just a couple of PC's for ordinary home computer use, then a screened subnet firewall
    is going to be a very secure, yet completely over-the-top firewall solution for you.

    Screened subnet's work best when there is a service of some kind that you want to provide to users on the internet while protecting your internal network, and making it all as transparent as is reasonable.

    One last thing to note. A 'router' in the context we are talking about here can be an `el cheap'o` computer
    loaded with a Unix running routed, radvd, NAT, and some kind of stateful packet-filtering package.

    Sounds to me though that your current solution should be fine for what you are doing.

    -- spurious
    Get OpenSolaris http://www.opensolaris.org/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •