router vs. firewall

Firewalls

Moderator: 127.0.0.1

router vs. firewall

Postby epikal » Sun Apr 06, 2003 6:35 pm

how does a router hold up to a traditional firewall?
epikal
n00b
n00b
 
Posts: 11
Joined: Sun Apr 06, 2003 3:20 pm
Location: United States

Postby kostyanj » Sun Apr 06, 2003 10:33 pm

A router doesn't compare to a firewall.


A router simply sends traffic between networks while a firewall blocks or allows traffic.
User avatar
kostyanj
Admin
Admin
 
Posts: 836
Joined: Thu Feb 27, 2003 4:08 am

Postby slacker » Mon Apr 07, 2003 8:58 am

kostyanj wrote:A router doesn't compare to a firewall.
A router simply sends traffic between networks while a firewall blocks or allows traffic.


Its true that a router basically routes packets but for home use it does in fact act as a fairly descent firewall. It doesnt route incoming packets so pc's behind it are basically stealth. And if you want to run a server like say an ftp or a web server you can forward the ports... but this can lead to vunerabilities if say... iis had an exploit ( code red, nimda ) then the firewall would be useless in this case.

But your right... it doesnt compare to a stateful firewall. For windows check out kerio winroute firewall. This firewall kicks any routers butt. The thing i like the most about it... is my pc is totally stealth... but you can make an address group to allow certain people you trust to access. It does NAT/port forwarding and it has the ability to scan files as you download them for virii ( built in mcafee ). So this means all computers behind the host are secure from virii. It also can block activex/javascript popups/<script> tags. All computers behind are free of popups :). It strips the popups before the html gets to the browser. There is a connections window that shows all active connections. i have not seen any firewall offer as much as this one does... The only thing it doesnt do is specific application/permissions like zonealarm and other popular software firewalls. But I dont even like that feature. As long as my pc is stealth and it has a built in virus scanner I dont really need to worry about trojans. Then of course you can also get a stateful *nix firewall which will be probably more secure if configured properly... but its alot harder to setup if your new to this sortof thing.
slacker
 

Postby kostyanj » Mon Apr 07, 2003 10:25 am

From a home point of view, it is true that most broadband routers do double as a firewall. My Netgear router has a firwall built in which allows basic port forwarding and logging. A true router doesn't have a built in firewall, it only examines packets and sends it to the respective network.

A firewall, such as a software piece (zone alarm, etc), either accepts or denys packets coming in and out of the computer/network. A firewall appliance is basically the same thing except running on a dedicated piece of hardware.
User avatar
kostyanj
Admin
Admin
 
Posts: 836
Joined: Thu Feb 27, 2003 4:08 am

Postby wacky-sung » Tue Apr 08, 2003 6:29 pm

kostyanj wrote:From a home point of view, it is true that most broadband routers do double as a firewall. My Netgear router has a firwall built in which allows basic port forwarding and logging. A true router doesn't have a built in firewall, it only examines packets and sends it to the respective network.

A firewall, such as a software piece (zone alarm, etc), either accepts or denys packets coming in and out of the computer/network. A firewall appliance is basically the same thing except running on a dedicated piece of hardware.


Netgear claim that they have buildin firewall for router but the fact is it is not a firewall.Depend on which product actually you talking about in regard to the buildin firewall.I have a buildin firewall router too but i manage to find loop holes in it.You can try to port scan your own router ip range and you will be surprise that there are holes in it.In addition for your protection,get a software firewall to safeguard it.

My advise to you is that never try to use Zone Alarm cos there are tone of exploits found in it.Get something like Sygate,Tiny software firewall or Outpost.
wacky-sung
End-Loser
End-Loser
 
Posts: 68
Joined: Mon Apr 07, 2003 4:30 am

Postby kostyanj » Tue Apr 08, 2003 10:31 pm

I have port scanned myself many many times, and also from other computers. The only bad thing about netgear routers is that they don't have a loopback feature. Other than that, there aren't really any loopholes in it. They do have a firewall built in and you can configure to only allow certain ports to come through, for instance on my setup, I have maybe 3 ports open, the rest are either stealth (not visible) or closed.
User avatar
kostyanj
Admin
Admin
 
Posts: 836
Joined: Thu Feb 27, 2003 4:08 am

Postby TOP1yuiop » Sun Oct 31, 2004 11:05 pm

the built in firewalls are alright but the best thing to do is have a firewall on your pc :wink:
User avatar
TOP1yuiop
Network Administrator
Network Administrator
 
Posts: 565
Joined: Tue Aug 31, 2004 9:28 pm
Location: in my comp chair - Antioch California

Postby Konan » Sun Jul 09, 2006 4:51 am

Under Linux app "iptables" keep both this functions (router & firewall).
Konan
n00b
n00b
 
Posts: 3
Joined: Sun Jul 09, 2006 4:46 am

Postby shifty » Sun May 20, 2007 12:54 am

Blah blah blah software firewalls mess things up. Certain routers/modems have built in firewalls that allow you to lock everything down, and alot of routers let you use static ip addresses. Having 2 firewalls can cause problems if you're running games, etc. If you have a good router or a good software firewall, that's all you need. Just use one or the other. If you prefer to use software firewalls that hog memory, just go buy an ethernet SWITCH for your computers to share an internet connection... it'll save you a few bucks (for example, buy.com has a Linksys 8 port gigabit ethernet switch for $30+ free shipping right now)
shifty
n00b
n00b
 
Posts: 24
Joined: Sun May 20, 2007 12:28 am


Return to Firewalls

Who is online

Users browsing this forum: No registered users and 3 guests

cron