He said this was an ethernet handoff from the isp; they are not simply going to plug him into a switch; he will most likely get a port on a cisco; they should be able to apply policies for him.. no? I don't see why he even needs a router, unless there is a lack of a trust of the upstream's ability to filter.. Or if you know beforehand they will not? Oh, and c'mon Roeland, ipfwadm isn't *that* horrid. :) Granted, linux will not have release-stable socket filters until 2.2.*, but it ain't half bad..! If your business requires offsite support of hw/sw, a 2514'd do you justice, but it can also be useful to have a un*x box as the router.. cheap proxy/cache engine anyone? -g
Don't use any routing protocol at all. Actually, skip having your own router too.
Agreed, we ran default static routes for a long time. Y'all don't even need a router. I might recommend a LinkSys 2-port ethernet switch, though. (Control collision domains, See DataComm Warehouse.).
Hm. My main goal is to be able to block stuff from entering my LAN that I don't want there. With a Cisco or Livingston box or something similar, it's just a question of installing filters. I could set up a box and use ipfwadm, perhaps that would be the best thing to do?
That would be the cheap thing to do. But, from personal experience, ipfwadm is a PITA! Granted, you only have to do the setup once, thank God.
If you have the budget, buy a firewall-router/switch. But, they're decidedly not cheap. ___________________________________________________ Roeland M.J. Meyer, ISOC (InterNIC RM993) e-mail: <mailto:rmeyer@mhsc.com>rmeyer@mhsc.com Internet phone: hawk.mhsc.com Personal web pages: <http://www.mhsc.com/~rmeyer>www.mhsc.com/~rmeyer Company web-site: <http://www.mhsc.com/>www.mhsc.com/ ___________________________________________ SecureMail from MHSC.NET is coming soon!