Hello Simon, thanks for your reply and valuable input.
Actually my ISP offers a /30 to use for link addresses. In the settings of the router provided by the ISP (FritzBox 6490) I must define an ethernet port as "exposed host". The NIC connected to this specific port is configured with this /30 network. In my understanding the router is working as a modem on this ethernet port only. Is my understanding correct that you recommend to use the device in routed mode?

With regards to Debian installation on Alix board I didn't consider that there's a downside of systemd. In fact I found a webpage <https://wiki.polaire.nl/doku.php?id=debian_buster_alix2d13> that documents the installation of Debian Buster on an Alix board. What is the downside of using systemd on an Alix board?

THX

On Thu, 6 Jan 2022 at 13:24, Simon <li...@thehobsons.co.uk> wrote:

> Thomas <74cmo...@gmail.com> wrote:
>
> > With regards to the transparent / bridge firewall I think to skip this because I cannot determine if my ISP is offering WAN-routing that is a pre-requisite for a transparent / bridge firewall.
>
> I think you may have this the other way around.
>
> A transparent bridge looks just like a network switch to the rest of the network - i.e. traffic passes through it without modification. Hence anywhere you can use an ethernet connection you can insert a bridge.
> The biggest problem is where you have it between your ISP router and your internal router. In that case, it only sees traffic after it’s been through any NAT (or other packet mangling) in your router - hence you can’t (for example) permit/block traffic to/from specific devices unless you do it by protocol alone. It’s typically easier to do the filtering in the same device that’s doing the mangling.
>
> If the ISP offers friendly routing options (e.g. they offer a /30 to use for link addresses between their router and yours, and route traffic to a different subnet via your router IP), then it’s much easier to use a device in routed mode. I’ve never seen this on “home” services, and on “business” services I’ve seen different suppliers offer some “interesting” options regarding this.
>
> Simon
>
> Note: Although it’s not related to your query, I stopped using Debian after Squeeze - i.e. several releases ago - as I’m not prepared to allow SystemD onto anything I’m responsible for maintaining. While I’m only doing this for home use now (used to do it professionally until about 4 years ago) I only use Devuan for new installs.
> Without looking at any details, I suspect that running a “small” installation for the sort of hardware under discussion is somewhat harder now with the hard dependency on SystemD baked into Debian.
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users