Hello Simon,

thanks for your reply and valuable input.

Actually my ISP offers a /30 to use for link addresses.
In the settings of the router provided by the ISP (FritzBox 6490) I must
define an ethernet port as "exposed host".
The NIC connected to this specific port is configured with this /30
network. In my understanding the router is working as a modem on this
ethernet port only.
Is my understanding correct that you recommend using the device in routed
mode?

With regard to the Debian installation on an Alix board, I didn't consider
that there's a downside to systemd.
In fact I found a webpage
<https://wiki.polaire.nl/doku.php?id=debian_buster_alix2d13> that documents
the installation of Debian Buster on an Alix board.
What is the downside of using systemd on an Alix board?

THX

On Thu, Jan 6, 2022 at 13:24, Simon <li...@thehobsons.co.uk> wrote:

> Thomas <74cmo...@gmail.com> wrote:
>
> > With regards to the transparent / bridge firewall I think to skip this
> > because I cannot determine if my ISP is offering WAN-routing that is a
> > pre-requisite for a transparent / bridge firewall.
>
> I think you may have this the other way around.
>
> A transparent bridge looks just like a network switch to the rest of the
> network - i.e. traffic passes through it without modification. Hence
> anywhere you can use an ethernet connection you can insert a bridge.
> The biggest problem is where you have it between your ISP router and your
> internal router. In that case, it only sees traffic after it’s been through
> any NAT (or other packet mangling) in your router - hence you can’t (for
> example) permit/block traffic to/from specific devices unless you do it by
> protocol alone. It’s typically easier to do the filtering in the same
> device that’s doing the mangling.
>
> If the ISP offers friendly routing options (e.g. they offer a /30 to use
> for link addresses between their router and yours, and route traffic to a
> different subnet via your router IP), then it’s much easier to use a device
> in routed mode. I’ve never seen this on “home” services, and on “business”
> services I’ve seen different suppliers offer some “interesting” options
> regarding this.
>
> Simon
>
>
> Note: Although it’s not related to your query, I stopped using Debian
> after Squeeze - i.e. several releases ago - as I’m not prepared to allow
> SystemD onto anything I’m responsible for maintaining. While I’m only doing
> this for home use now (used to do it professionally until about 4 years
> ago) I only use Devuan for new installs.
> Without looking at any details, I suspect that running a “small”
> installation for the sort of hardware under discussion is somewhat harder
> now with the hard dependency on SystemD baked into Debian.
>
>
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>