ron wrote:
Do I really need a NAT router?
Probably not if
- you are careful to not open your firewall except for services you intend for others to touch (probably none at all, or maybe just ssh)
- you only have the one machine or that machine will do routing to share the internet connection
By default nobody can touch much on your box with the local firewall up, even if they are all over your internet connection (nmapping your box from another over the Internet might provide some reassurance of that). The router boxes themselves have an OS and firewall setup not so much different from Fedora, and I bet Fedora gets much more update and security attention than that router OS.
If you do expose ssh externally:
- move it to listen to a nonstandard port by setting Port in /etc/ssh/sshd_config to something else and service sshd restart
- Stick a hole in your firewall accordingly if so, eg
    iptables -I INPUT -p tcp --dport 56789 -j ACCEPT
    service iptables save
- Also consider disallowing password login over ssh by changing PasswordAuthentication to no in the same sshd config file
-Andy
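
Added example, not part of the message above: a read-only check that an sshd_config and a saved iptables rule file agree with the three steps in the reply. The function names are hypothetical, both file paths are passed in as arguments, the sample inputs are constructed, and only whitespace-separated "Keyword value" lines are handled.

```shell
# Added example, not from the original message. Sample inputs are constructed.

# Print global "keyword value" pairs: comments dropped, keyword lower-cased,
# parsing stops at the first Match block because those settings are conditional.
sshd_global() {
    awk '{ sub(/^[ \t]+/, "") }
         /^#/ || NF < 2 { next }
         tolower($1) == "match" { exit }
         { print tolower($1), $2 }' "$1"
}

# Every port sshd listens on (Port may be repeated); the built-in default is 22.
sshd_ports() {
    p=$(sshd_global "$1" | awk '$1 == "port" { print $2 }')
    echo "${p:-22}"
}

# Effective PasswordAuthentication: the first occurrence wins, default is yes.
sshd_password_auth() {
    v=$(sshd_global "$1" | awk '$1 == "passwordauthentication" && !n++ { print tolower($2) }')
    echo "${v:-yes}"
}

# True if an iptables-save style file has an INPUT ACCEPT rule for tcp/PORT.
# Rule order is not evaluated, so an earlier DROP or REJECT would go unnoticed.
fw_accepts() {  # usage: fw_accepts RULES_FILE PORT
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT" "$1"
}

# Print one line per finding; no output means all three steps are in place.
audit() {  # usage: audit SSHD_CONFIG RULES_FILE
    for port in $(sshd_ports "$1"); do
        if [ "$port" = 22 ]; then echo "FINDING: sshd on standard port 22"; fi
        if ! fw_accepts "$2" "$port"; then echo "FINDING: no ACCEPT rule for tcp/$port"; fi
    done
    if [ "$(sshd_password_auth "$1")" != no ]; then
        echo "FINDING: PasswordAuthentication is not 'no'"
    fi
}

# Constructed sample: the later "no" is ignored because the first value wins.
tmp=$(mktemp -d)
printf '%s\n' 'Port 56789' 'passwordauthentication yes' 'PasswordAuthentication no' > "$tmp/sshd_config"
printf '%s\n' '*filter' '-A INPUT -p tcp -m tcp --dport 56789 -j ACCEPT' 'COMMIT' > "$tmp/rules"
audit "$tmp/sshd_config" "$tmp/rules"
```

On a live system, the running daemon's view can be compared with `sshd -T`, which prints the effective configuration.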