View Single Post
  #10  
Old 2008-07-20, 11:46 PM
direwolf-pgh's Avatar
direwolf-pgh direwolf-pgh is offline
On the Beach
 
Join Date: Dec 2005
Location: down in the basement
Re: Firewall and Fios

what you have on each router is NAT (network address translation)
this is what keeps your internal nodes on private IP's & not on public IP addresses.
between NAT & having ports closed (firewalled) your systems are fine.
when using two routers - you've created a bridge of two separate networks.
thats all - it doesnt offer 'double NAT security' & it doesnt offer 'double firewall security'
in fact, all its done is add extra information into the IP packet headers for routing.
an open port is an open port - no matter how many routers its behind.
its not standard practise because it offers zero security benefits. you're just changing the routing path inside your home network & it may even slow traffic more.
now if you had a computer acting as a router that could change IP traffic to IPX traffic..that would be a security benefit & it was thought at one time to be good idea. but it isnt & no one does that either.
in your earlier post you mentioned using the DMZ - and in many home routers the DMZ is used to 'disable the NAT' & put that machine on the external IP address - naked on the net (you would do this if you were hosting out... like a public web server).

dont take it personally, cause its not meant that way. im just sayin'
I was somewhat concerned you felt you were safe using a DMZ..
and in your config with two routers.. if you use the DMZ.. you're just putting the machine outside the second router - behind the first..which makes the two router config nonexistent - cause then you aren't even using it.

Last edited by direwolf-pgh; 2008-07-20 at 11:52 PM.
Reply With Quote Reply with Nested Quotes