[DRAFT] A router performs the following key features:

1. A gateway between different network areas
   1. Restrict network traffic
   2. Forward Network traffic
   3. Track network traffic, allows traffic incoming only if response to out going (one way traffic) This is primary firewall action and primary security action! This is often confused with NAT, NAT is additional to this!
2. NAT (Network Address Translation) is basically mandatory for IPv4 due to limited address space and optional for IPv6
   1. NAT obfuscates Local IP addresses behind public addressable WAN IP address(es). This obfuscation arguably provides some security. The key security is the restriction of gateway traffic into the LAN. See interesting notes on this from GRC NAT Router Security Solutions, note that I do not necessarily agree with NAT being a primary security function (The primary security function is the firewall that only allows a type of one way start of discourse. NAT does provide some obfuscation, but this is of very limited security value to an experience hacker, double NAT also allows double fire wall, but the performance affects and complexity on the LAN are simply not worth the trouble. Also again many vectors of hacker attack can by-pass this type of security.)
   2. NAT obfuscation wrecks simple end to end IP addressing that is required for some services, e.g. VoIP. This requires additional services to compensate, e.g. STUN/TURN services.
   3. I have tried to use IPv6 via a HE tunnel arrangement, but felt this was not would the trouble in the end. I am not sure if I would use NAT on a IPv6 LAN, but a good firewall is absolutely mandatory in all cases.

Key networks services, such as DNS and DHCP are separate functions that a router may perform, although correct router setup is required to allow these services to function.

Basically the same as Ubuntu, except I tried with Debian Buster (10). I updated to Debian Bullseye (11). When I updated to Bookwork (12) the update failed. I then managed to corrupt the configuration files on the router….. Hopefully these notes expedite recovery.

Having used Ubuntu for the past many years I have grown use to netplan. This is not native on Debian Buster, so needs to be installed: sudo apt install netplan.io it basically just seems to work. Now I have gone back to preferring /etc/network/interfaces.

One of the benefits of Debian is no Snaps! Also a whole pile of other Ubuntu crud is not there!

tl;dr;