[SFS] Is it a good idea for a Internet-facing router to do more than routing?

Chris Fedde chris at fedde.us
Sun Oct 24 16:07:04 MDT 2021 

Most of the time these days our internet facing hardware is special purpose
built by a vendor for the task of doing "packet stuff".
Still a standard linux box can do all the different packet router stuff as
well as all the other linux stuff.

I'd say the choice is mostly about risk management.  The internet is a more
brutal place than it was in the 1990's.  The average script kiddy has way
more resources and code assets available.  So we get stuck with the typical
"It depends" answer.

Dividing the packet forwarding/firewall functionality into another box is
not enough by itself.   And we are never caught by stuff we planned for.

For me the main problem is not technology but complacency.  How recently
did I update my routers and servers?  Have I checked the logs recently?
Have I read the bulletins and notices about the equipment I'm trusting?

The answer might be different for a home user than it is for a business
user.  And different again between the wifi service at a coffee shop vs the
internet services for a customer support desk.  I doubt such blanket advice
was ever valid.


On Sun, Oct 24, 2021 at 3:24 PM Dennis J Perkins <dennisjperkins at comcast.net>
wrote:

> I've been looking at Freedombox, which is a project for a private home
> server for non-experts.  One thing it can do is act as a home router if
> you want.  The Amahi project can do the same thing. However, I remember
> reading back in the 90's that you should never put other things on an
> outward-facing  router.
>
> I'm not so sure if this advice is still true.  Everything goes thru the
> firewall, so if something gets thru it, your network at risk anyway.
>
> OpenWRT lets you put services on the router too:  a print service,
> Letsencrypt, OpenVPN and Wireguard, and maybe more.
>
> What do you think?
>
> _______________________________________________
> SFS mailing list
> SFS at lists.sofree.us
> http://lists.sofree.us/cgi-bin/mailman/listinfo/sfs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sofree.us/pipermail/sfs/attachments/20211024/84267ccf/attachment.htm>

More information about the SFS mailing list