  #9  
2008-07-20, 10:06 PM
dude87
 
Join Date: Aug 2005
Re: Firewall and Fios

Quote:
using two routers on a home network is ridiculous & doesn't help or hide anything. (also dude87 - the DMZ puts your computer outside the firewall - fully exposed)
I don't believe you're correct on this. I have one router facing the outside world. That router then has a range of internal IP addresses (i.e. in the 192.168.x.x range, not routable on the Internet). One of the wired ports on that router is connected to a second router which is assigned a static IP address (actually, that's the only device connected to the Internet-facing router). That second router also has a range of internal IP addresses. I connect (wirelessly and via wired Ethernet) all of my home machines to that router.

In order for someone from the Internet to reach an internal PC they would first have to navigate through the externally-facing router and then to the internally facing router (and finally to any of my PCs that have data they were after or just to hijack it as a spam factory or whatever). I allow guest access to the Internet-facing router (although I use WPA encryption - friends have to get the key from me to use it); I completely hide the "internal" router. I also forward my BitTorrent ports through the two routers (currently that's the only protocol I forward).

When I look at my router logs I can see the standard array of probes, etc. on the externally-facing router; I don't see any on the internal router. And my PC firewalls show zero outside attempts at access, so I'm not sure why you believe I have my PCs completely outside the firewall. There are two layers of defense between my home PCs and the outside world.

Is this overkill and probably unnecessary for a home network? Undoubtedly, but I already had a WiFi router when I got FiOS service and they gave me the Actiontec router (which is required to use their multi-room DVR). I set it up for kicks and because it cost me nothing; I was perfectly content safety-wise with my previous single router configuration.