FreeBSD router: Can my internet provider detect my home network?
Uwe Doering
gemini at geminix.org
Sun Apr 11 00:24:41 PDT 2004
Rob wrote:
>
> I plan to have a FreeBSD (4.9 stable) system serving as a router
> between my provider and a set of my home computers connected
> via a home network.
>
> My provider does not really like this, but I don't care so much,
> as long as s/he cannot detect (too easily) my home network.
> [...]
>
> Is it correct, that the combination of firewall and natd divert
> all requests and thus hide the home network for my provider?
> Are requests from all other networked home PC's done on behalf of
> the router, so that my provider will only see requests from my router?

If they want to, they can detect that there's more than one computer
using that link. They just need to look at the TCP sequence numbers.
This way they can associate TCP packets with their individual
originating hosts. If they see more than one group of sequentially
increasing TCP sequence numbers they know that you're cheating.
Whether they really care about it as long as you're not causing
excessive network traffic or other trouble is a different matter.

The only way to really hide your computers is to block direct Internet
connections and instead use proxy software on a gateway server for each
and every service. IMHO, quite an effort for probably just a couple of
bucks saved. Larger companies do this, but for security reasons and
also to control what their employees do on the Internet.

Uwe
--
Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers
gemini at geminix.org | http://www.escapebox.net
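
Added example (not part of the original post, and not the author's code): a sketch of the grouping described in the reply above, clustering observed SYN packets by the per-host offset that remains once the clock-driven part of the initial sequence number is removed. It assumes every host behind the NAT uses a clock-driven ISN generator as in RFC 793 (one tick per 4 microseconds) and that the NAT leaves sequence numbers untouched; the tolerance, the function names and the sample packets are constructed for illustration.

```python
ISN_RATE = 250_000   # ISN ticks per second (RFC 793: one tick per 4 microseconds)
MOD = 2 ** 32        # TCP sequence numbers wrap at 32 bits
TOLERANCE = 50_000   # assumed allowance for clock drift and jitter, in ticks


def isn_offset(timestamp, isn):
    """Strip the clock-driven part of an ISN, leaving the host's own offset."""
    return (isn - int(timestamp * ISN_RATE)) % MOD


def circular_distance(a, b):
    """Distance between two 32-bit values, taking wrap-around into account."""
    d = (a - b) % MOD
    return min(d, MOD - d)


def group_by_host(syns):
    """Group (timestamp_seconds, isn) observations by inferred originating host."""
    groups = []
    for ts, isn in sorted(syns):
        off = isn_offset(ts, isn)
        for g in groups:
            if circular_distance(off, g["offset"]) <= TOLERANCE:
                g["syns"].append((ts, isn))
                g["offset"] = off      # follow slow drift of that host's clock
                break
        else:
            # No existing group fits: a further ISN clock, so a further host.
            groups.append({"offset": off, "syns": [(ts, isn)]})
    return groups


def make_syn(boot_offset, ts, jitter=0):
    """Build a constructed SYN observation for a host with the given offset."""
    return (ts, (boot_offset + int(ts * ISN_RATE) + jitter) % MOD)


# Constructed sample: two hosts behind one public address, SYNs interleaved.
# The second host's counter wraps past 2**32 during the capture.
HOST_A, HOST_B = 0x10000000, 0xFFFF0000
SAMPLE = [
    make_syn(HOST_A, 1.0), make_syn(HOST_B, 1.2),
    make_syn(HOST_A, 2.5, jitter=400), make_syn(HOST_B, 3.0, jitter=900),
    make_syn(HOST_A, 7.25, jitter=-300), make_syn(HOST_B, 9.5, jitter=1500),
]

if __name__ == "__main__":
    for n, g in enumerate(group_by_host(SAMPLE), 1):
        print(f"host {n}: offset {g['offset']:#010x}, {len(g['syns'])} connections")
```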
More information about the freebsd-questions mailing list