NetBEUI as main protocol

John E. Malmberg wb8tyw at
Wed Dec 11 05:29:00 GMT 2002

Jason Hihn wrote:

> Good comments, all of them.
>> I hate to say it, but it really comes down to the fact that you are
>>  trying to hide behind a protocol, instead of doing a proper
>> firewall for your LAN.  No offense intended....
> None is taken. *I* did not set it up this way, and I had thought of 
> some of the very same points that people have raised. I do not yet
> have config control of the box, but I'll be have it eventually. Until
> then I have to convince those that do have control that putting
> TCP/IP on it is no less as safe.

If you know for sure that you are the only network connected to that 
physical port of the ISP's router, than the router will likely provide 
you with the protection that you want.

Note that even if you own a complete CLASS C address block, an ISP can 
put several subnets on the same router port.  They share all broadcast 

That includes ARP (Address resolution protocol) packets that are used to 
map I.P. addresses to your adapters.  On a large ISP, this traffic from 
other users can be enough to bog down your network.

And if someone else is accidently makes an I.P. configuration error, it 
could break both of your networks.

All good reasons to have your own firewall.

Now broadband ISPs also typically have filters in their cable modems, or 
equivalent that when it is working will also block the netbeui traffic.
ARP traffic by nature can not be blocked by a cable modem.

But be aware that the filters are not always on.

Also you may want to look at NAT or (I.P. Masqurade for LINUX).  It 
allows you to only pay for the number of Public I.P. addresses that you 
need from your ISP, instead of a whole netblock.  If that is applicable, 
it could be a cost savings to your company.

wb8tyw at
Personal Opinion Only

More information about the samba-technical mailing list