01-31-2004
William D. Tallman
 
DSL setup questions... again.

I incorrectly posted this to c.s.firewalls, and got little useful response.
It belongs here, I think.
--------------------------------------------------------------------------------
I've asked questions about this a while back, but still not sure of details.

I've got ADSL from my ISP via Qwest to an Actiontec 1524 DSL modem. It is
connected to an ethernet switch, to which a Linux box and a M$ PC are also
connected. The Actiontec is the "gateway" with a permanent address on the
LAN side. It connects to the ISP using PPPoA and DHCP. Or so says the
Actiontec's web page.

It appears that as long as everything is up and running, the Actiontec sees
the ethernet switch as an active component, even when both computers are
powered down. At least it shows a regular blip on its ethernet interface,
suggesting that there is activity, and the interface light remains on at
all times. When both computers were connected directly to the Actiontec,
the interface lights went out when the computers powered down.

Questions:

1) It would seem that neither computer has to worry about DHCP, as that is
settled between the DSL modem and the ISP. Effectively, then, the
computers are left with a permanent Internet address. Is this correct?

2) If so, then it would seem that as far as the computers are concerned,
they both access a fixed internet address, and that address is the LAN
address of the modem and not the assigned address on the ISP side. Is that
correct?

3) I've made a practice of having a terminal running tcpdump whenever the
box is up, and have seen no intrusive activity at all. In fact, except for
explicit activity with the time server, the mail server, the news server,
and whatever http server I'm doing business with, there is no more activity
now than when the DSL modem was not connected to the LAN. Given that the
modem is actually a NAT-enabled bridge, does that suggest that it is doing
everything that needs to be done? I'm aware that this is commonly thought
not to be the case....

4) The PC is running Zone Alarm, just as it did when it was a dial-up, with
ZA now seeing the Internet via a gateway on the LAN rather than via a
dial-up account. Apparently there is no change in the extent of protection
offered. Or maybe we've just been lucky? I'm running Shorewall on the
Linux box, configured the same way, and have yet to see any untoward
activity. Not sure how well it's configured, but apparently it works.
Again, have we just been lucky?

5) The point of all this is that I'm generating a real firewall for my box,
with every issue addressed. I'm using Bob Ziegler's "Linux Firewalls" as
the prototype. I gather that he and his work are generally well regarded.
Is that the case in this venue as well?

6) And finally, if any of the resident experts are familiar with Ziegler's
book, I would appreciate the chance to post specific questions; and
probably enough of them to bore everyone stiff....LOL!!!! Is anyone
familiar with this stuff and willing to mentor me a bit, please?

Thanks all,

Bill Tallman
--
Registered Linux User: #221586
Mdk-9.0 and IceWM
Gkrellm still watches over me...