Subject: Are multiple services on a router acceptable for home use?
To: None <>
From: =?ISO-8859-1?Q?Mikael_Nystr=F6m?= <>
List: netbsd-users
Date: 12/01/2007 18:56:14
I'm looking for some advice on wheter it's a good idea to move the  
router functionallity from a standalone box to my server. This is for  
home use and the reason is to reduce the number of machines that  
needs to be feed with power 24/7. The server is only running a small  
set of services such as DHCP, NFS and NTP on the behalf of my home  
network which isn't too crowded. Would enabling packet forwarding and  
using ipf/pf be a good idea in a "secure-enough-for-home-use" context?

One thing that I will do is to try to make sure that all services  
only accepts requests from inbound interface and use a sane set of  
rules for the packet filter, but are there other steps I could take  
to lessen the chans for a disaster?

I suppose that one could go as far as using a combination of read- 
only disks, securelevel, veriexec and systrace but that seems just a  
bit paranoid for a simple home user like myself. It would be cool  

By the way, have been running 4.0_RC4 with zero downtime since it was  
tagged so it's looking good from what I can tell! :-)

Regards, Micke