Rudi Ahlers wrote: > On Sat, Jul 16, 2011 at 2:20 PM, Ljubomir Ljubojevic <office at plnet.rs> wrote: >> Keith Roberts wrote: >>> So I guess I could configure my single NIC Centos 5.6 >>> machine connected to a 4 port ADSL router to act as the >>> external Gateway for other machine on the LAN side of the >>> router, possibly using NAPT on the Centos box? >> Yes, you can do that. You can also use it as a proxy server. >> >> When I said "firewall", I meant as firewall for the network, facing >> outside of the local network. There were people who would bring public >> (or semi-public, from ISP) IP to the switch and then hook up all PC's to >> that switch and use 2 subnets, one that ISP provided and one for the >> local LAN, all on the same switch, to save on hardware. That is not safe >> and not wise. > > Sure, if the 2 subnets were just NAT'ed then it wouldn't be very safe. > But if you have propper firewall rules in place to block incoming > traffic from the public IP going to the private IP then it's very > safe. > You are looking only at the safety of the server, not the whole network. In case od ADSL modems *with NAT-ing* you already have firewall in form as ADSL modem, and you are safe. But if you have public network passing through local area switch, then there is possibility o hackers using lower network layers to access unprotected PC's on that local network. Not long-distance hackers, but in case of physical presence outside of your network they could assign virtual IP to the MAC addresses of your PC's and access it directly that way, not to mention danger of PC's bypassing your one-NIC firewall and unsafely connecting to the outside. Ljubomir