I have DSL, here's my layout:

DSL modem connects to firewall which connects to 100mb hub. The 8-port hub has 4 systems connected to it, and a cable goes under the carpet to the bedroom to another 100mb hub. That hub has 2 network-aware disks and 2 web servers attached to it. Of course, I have a static IP. The firewall takes care of routing public traffi into the web servers. So far, speed seems reasonable (1gb of traffic per day) most of the time.

Does that help?

Richard Lowe

When you say firewall, I assume you mean a "router" that also functions as a firewall?

Yes, the firewall has a built-in NAT interface.

Richard Lowe

I just recently switched from PPPoA (Point-to-Point Protocol over ATM) to PPPoE (Point-to-Point Protocol over Ethernet) and the difference is great. No more serving the connection to other devices on your network.

Westel makes a pretty reliable router, but I'd ask your provider for what they support. (Some DSL ISPs won't give you tech support if you don't have the right hardware.)

Thanks

So let me try to understand this..you connect the DSL modem to the router and plug all the goodies into the router?

More or less. Sonicwall (http://www.sonicwall.com/) makes some good devices for this. The Sonicwall Pro is a good firewall/router/NAT/DHCP/hub system for a reasonable price. About a year ago mine cost around $350 I think.

Richard Lowe

I recently purchased a Linksys 4 port EtherFast Router with 10/100/1000 switching and NAT (firewall) at BestBuy for $79 (including a $10 rebate) Works terrific. Came with set-up wizard software but I didn't need it since my connection is DHCP; it self config'd as soon as I connected it and re-set the Cable/DSL modem. There's a free website that you can add connections, ip aliases, clone the MAC and set firewall permissions.

This may be a little off topic, but one of the disadvantages of DSL is that it easy to walk away from, leaving your system online. Most routers now have a hardware firewall built in, but it can be a false security. Hardware firewalls can have two "holes", so to speak.
As I understand it, a computer's ports as viewed by hackers can be in any of three positions. Open, closed and stealth. If your ports are open, sooner or later you are going to get hacked. If you have either a hardware or software firewall, your ports are mostly closed, but still visible, and a good hacker still may be able to penetrate the firewall. But if you combine a hardware and software firewall there is a very good chance that all, almost all, of your ports will become invisible, thus the hackers can't even find them.

You can test your computer's vulnerability at Gibson Research (just look on Google).

With a combination of a D-Link hardware firewall and Zone Alarm Pro software firewall I have managed to reduce all of my ports to stealth mode, except for one which is seen as closed. (This is considered very secure.) As well, my NetBIOS is also completely inaccessable from the outside, something that Gibson Research states, "This is very uncommon for a Windows networking-based PC."

The second vulnerability is Trojan Horses and worms which, once installed on your computer can allow a hacker access right through your hardware and/or software firewall as though it did not exist. (As far as I know, basic hardware firewalls cannot stop this sort of access.)

One of the advantages of Zone Alarm Pro (other software firewalls may now also offer this feature) is that you can monitor all outgoing information from your computer, and choose which programs are allowed to connect with the outside world. This effectively neutralizes Trojan Horses and worms. (And automatic updates :) )

I have rarely has as much trouble with any piece of software as I have with zone alarm. I have probably wasted a dozen hours in the last month attempting to find issues with my machines, only to find, yet again, that it was zone alarm. Thus, zone alarm has been removed from all of my systems.

I use a hardware firewall (a sonicwall) which supports stealth mode. I just tested it with some tools which simulate attacks, and it passed beautifully (over a thousand different types of attacks).

I don't like software firewalls because they (a) tend to be expensive both in money and machine resources, especially if your network has more than one machine, (b) they tend to be much weaker than dedicated hardware boxes, (c) by the time a software firewall has stopped an attack it is already at your computer. I would much rather have the attack stopped BEFORE it reaches my computer.

As far as the inside stuff, there are things people should be doing, including installing and updating good antivirus software, making sure their patches and service packs are up-to-date, using common sense, and having a good, password protected screen saver. Also, using products such as ad-aware will remove the spyware issue. If you use outlook you should install the outlook security release. IE6 has excellent privacy controls for cookie management and adsubtract is great for dumping ads and web bugs.

The best thing people can do, of course, is to become educated on computer security and practice "safe computing". While it's not as critical as "safe sex", safe computing is vital.

Richard Lowe

I'm running dsl with a linksys 4 port router [linksys.com]/hub made for dsl/cable connections. Basically, 4 boxes plug into it. It was gravy to setup and works like a champ. I had one last year that gave me fits for a bit and exchanged it - worked perfect since.

Sometimes it's real tricky trying to do things like getting the right routing on a webserver or email server from one box to the other box locally. I had a situation here last month, where my local domain insisted it was on the other box. I'd put in the local domain name and it would always go to the other box looking for the web server while inbound traffic would come to the right box - took days to get it to work right again after reinstalling everything over on 4 boxes from scratch (I never did locate the actual problem).

Hardware firewalls have vastly improved over the last couple of years (as have software firewalls) and some people may still have hardware firewalls that might benefit from the solution I suggested, as my D_Link did, which is going on two years old, and would be considered a senior citizen by today's standards.

You cannot, however, hook up a pc fax through dsl. You have to buy a "real" fax machine and plug it in the old fashioned way.

I'm ready to buy a Linksys router/switch for the real estate office (earlier thread [webmasterworld.com]). Looking over the field of possibilities, I'm confused by the "VPN" and "VPN Endpoint." Also, the USB combo unit seems like an easy way to get a PC without an ethernet card on the lan. At the price of hardware, it's pretty easy to adopt a cavalier attitude and just say "money is no object," so which of these would you buy for a small office with a hodgepodge of PCs?

[linksys.com...]

BEFSR41 -Cable/DSL Router with 4-Port Switch
BEFVP41 -Cable/DSL VPN Router with 4-Port 10/100 Switch
BEFSX41 -Cable/DSL Firewall Router with 4-Port Switch/VPN EndPoint
BEFSRU31 -Cable/DSL Router with USB and 3-Port Switch

>BEFSR41 -Cable/DSL Router with 4-Port Switch

this is the the one I use, actually I use "ver.2" which has the 10/100 switch (also has 1000) You can basically run 4 seperate LANs, a total of 253 ips; seems like a lot to me.

The firmware NAT firewall along with Norton Internet Security 2002 stealths, closes and hides all ports in and out... 'nuff said.

Linksys BEFSR41.

"You cannot, however, hook up a pc fax through dsl. You have to buy a "real" fax machine and plug it in the old fashioned way."

Most people have phone connectivity at their home (or where ever their computer resides). And if you have DSL, then you are HIGHLY likely to have a phone line. The simple solution to not having to buy a 'fax' is to just have your modem hooked up via a phone line splitter to your phone line. Whichever program you use for 'fax' (ie winfax, bitware <--- my favorite because of voice mail also) will monitor the line. And then take messages or receive fax, and viaola' you just print it out. You can also send faxes this way.

:)

Thor

I use the alcatel 4 port hub. French company was very heavily involved with the evolution of ADSL in the UK with BT.

Thank you all very much, I am waiting for the modem to come from the vendor, and know where to go from there, thanks to you guys.

RC, The VPN designation stands for Virtual Private Networking. All data transfered between local boxes through that linksys will be encrypted. (you don't need it). You want one of these two:

BEFSR41 -Cable/DSL Router with 4-Port Switch
BEFSRU31 -Cable/DSL Router with USB and 3-Port Switch

The sr41 is the most popular and what most people are using.

Just another data point - I've had the BEFSR41 for 2 years and never had a problem with it. First it was hooked to a cable modem, and now I've switched to DSL.