On Fri, 2018-08-31 at 18:30 -0500, r hayman wrote:
> On Fri, 2018-08-31 at 17:13 -0500, o1bigtenor wrote:
> > On Fri, Aug 31, 2018 at 4:49 PM, r hayman <rhayman at pureice.com> wrote:
> > > 
> > > On Thu, 2018-08-30 at 21:17 -0500, o1bigtenor wrote:
> > > 
> > > On Thu, Aug 30, 2018 at 5:16 PM, r hayman <rhayman at pureice.com> wrote:
> > > 
> > > Like Ioannis, I control my own LAN and isolate it from the "LAN" of the
> > > ISP-provided device.
> > > 
> > > I currently have a Ubiquiti EdgeRouter and its WAN port is the only thing
> > > connected to the ISP-provided device.
> > > I set the ISP-provided device into bridge mode (if I can't, I have my ISP
> > > do it).
> > > 
> > > When this is complete, my EdgeRouter WAN directly faces the Internet (gets
> > > an Internet routable address).
> > > I have the EdgeRouter set up as a DHCP server on the LAN side and have all
> > > incoming and outgoing routes denied by default.
> > > I add rules to allow only what I want in and out of my network.
> > > 
> > > I also have the ability to support VLANs for IoT devices that I don't want
> > > on my LAN - they get a separate VLAN.
> > > 
> > > Set up like this, my entire LAN operates within the LAN even when the ISP
> > > or the WAN goes dark.
> > > 
> > Thank you.
> > 
> > I have some reading and then some thinking to do.
> > Have already been looking for 2 routers (I like to carry a spare so that
> > when one dies that I have a replacement to hand).
> > 
> > When thinking is completed if I have questions I will be back at you.
> > 
> > Thanking you for your assistance.
> > 
> > Dee
> > _______________________________________________
> > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> > tclug-list at mn-linux.org
> > http://mailman.mn-linux.org/mailman/listinfo/tclug-list
> > 
> This picture should help you digest the concepts of firewall in,
> firewall out, and firewall local and how rules can be configured:
> https://community.ubnt.com/t5/EdgeRouter/Layman-s-firewall-explanation/td-p/1436103
> 
With my setup, the GRC Shields Up scan tells me this:
"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice."
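
A default-deny EdgeOS ruleset along the lines described in this thread, as an added example that is not any poster's actual configuration. It assumes eth0 is the WAN port and eth1 the LAN port; the ruleset names and the allowed outbound services are illustrative, and lines starting with # are annotations.

```text
configure

# WAN_LOCAL: traffic from the Internet addressed to the router itself.
# "drop" discards silently (no ICMP error, no TCP reset), unlike "reject",
# which is why an external scan or ping receives no reply at all.
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 description 'replies to router-originated traffic'
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set firewall name WAN_LOCAL rule 20 action drop
set firewall name WAN_LOCAL rule 20 state invalid enable

# WAN_IN: traffic from the Internet being routed through to the LAN.
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 description 'replies to LAN-originated traffic'
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 state invalid enable

# LAN_IN: traffic entering from the LAN and routed onward.
# Denied by default; only the listed services are allowed out.
set firewall name LAN_IN default-action drop
set firewall name LAN_IN rule 10 action accept
set firewall name LAN_IN rule 10 state established enable
set firewall name LAN_IN rule 10 state related enable
set firewall name LAN_IN rule 20 action accept
set firewall name LAN_IN rule 20 description 'DNS'
set firewall name LAN_IN rule 20 protocol tcp_udp
set firewall name LAN_IN rule 20 destination port 53
set firewall name LAN_IN rule 30 action accept
set firewall name LAN_IN rule 30 description 'HTTP and HTTPS'
set firewall name LAN_IN rule 30 protocol tcp
set firewall name LAN_IN rule 30 destination port 80,443

# Attach each ruleset to an interface and direction (in, local).
set interfaces ethernet eth0 firewall local name WAN_LOCAL
set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces ethernet eth1 firewall in name LAN_IN

commit
save
exit
```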