How did they get past my NAT?

Sorry, but I don't consider NAT Routers to be firewalls, they are routers with some fancy features, not firewalls.

Many "Firewalls" do know the difference between SMTP and traffic over TCP 25 - so, while you've yet to see one, you just are not working with the better hardware out there.

As for Bugs, yes, but I only purchase certified appliances, ones from vendors that have a proven record of staying secure and clean, so I trust that a LOT more than what most people use in their homes.

Reply to
Leythos

A cat5 cable cut in half does. Is it a firewall?

Firewalls in the traditional definition never did, were they not firewalls? Application-level protocol recognition is only recently on the scene, yet we've had things people called "firewalls" existing for quite a while before that. I'd hate to think I didn't get the memo about someone changing the definition of "firewall" with the International Standards Organization.

So when did the definition of "firewall" start requiring it to also fit the definition of "network intrusion prevention device" or "network intrusion detection device?"

Just curious.

Ah, okay here's where we come down to brass tacks--with the use of the word "I."

Some folks seem to have their own definition of a firewall that doesn't match the one accepted over the course of a lot of networking history, including the present. This view categorically rejects those devices which don't fit a personally crafted unique definition of "firewalls."

Unfortunately, it's pedantic and pointless. But then again, so is much of the banter by the more abusive posters here. To protect their identity, we won't mention Leythos and Sebastian by name.

Now, that's not to say there isn't something to learn about the range of functionality one might want to consider in their border protection in the narrow definition such folks try to paint, but being so prickly about what to call a "firewall" and what to call a "NAT router" is just a freakin waste of time. Better to say "corporate grade border security appliance" which has built into the obvious fact that functionality and features of corporate grade hardware exceed that of $70 Linksys gear popular among home and small office users.

And let's not forget that there was a time not very long ago where the functionality packed into your garden variety wrt54g (particularly one packing the functionality of third party firmware) took a HELL of a lot of much more expensive hardware and was certainly considered a "firewall." And still is for that matter.

Those with what I'll call this "modern purist" view may be shocked to see the breadth of definitions for our friend the firewall that are in existence that cast a much bigger net than his own.

We now return you to your regularly scheduled semantic argument.

Best Regards,

Reply to
Todd H.

Not at you.

Don't know.

My GV-based box does Symmetric NAT, with port preservation whenever possible.

Chris

Reply to
Chris Davies

I've not been Abusive to any person here. While I certainly know that NAT appliances are not firewalls (but firewalls can do NAT), there is a misconception as to what the public is being told a firewall is.

Yea, you don't like it, you must be one that purchased one of those BEFSR41 units and fell for the "it's a firewall" crap - did you know that when the BEFSR41 was introduced it was called a ROUTER with no mention of firewall - a year later, with no changes, it was being marketed as a "Firewall" - same box, same firmware.....

So, like it or not Todd H, most residential users are not using firewalls, they are using ROUTERS.

Reply to
Leythos

My personal guess: The "visitor" came over one of the open ports. Especially "remote access" sounds "inviting"! Peer-to-peer is another possibility.

I would open those ports only when needed. (And only for that time) (And only for one IP-Address)

Just my 2 cents

Rudy

Reply to
God Rudy

I'd say this would be an excellent gateway for the low-cost consumer market. Since it tries to avoid hassles with the NAT, the user is happy and, due to lower support costs, the vendor is happy. That's exactly why they implement it that way.

Reply to
Sebastian G.

true but then again people who use things like that shouldn't be allowed to have a router/network in my humble opinion. these are prob the same folks that go on fastrack or edonkey and share their c:\ drive. but if my router did that (5000-10000) i would throw it out of the window in an instant.

Reply to
goarilla

For 1:1 NAT aka IP masquerading you got it quite wrong: Such an implementation could and even should forward every incoming connection, because the target is always exactly known. For 1:many, dropping the incoming connections would be the only correct, but surely not the most reasonable, implementation.

FTP data traffic is not directly defined to be related to the control data. Let's say the client surfs to a website containing a Java or Flash applet that implements the FTP protocol, it might still issue correct commands to open associated ports.

Reply to
Sebastian G.

If the router closes all ports and conceals LAN IP addresses then it's just as good, and in one respect better than, any software firewall.

Reply to
Rick Merrill

Uh oh. Someone said "software firewall."

Brace for the impending ranting about how they aren't firewalls either.

Reply to
Todd H.

oops, I didn't expect to get off scot-free.

Reply to
Rick Merrill

IF it closes all ports (nat is irrelevant). But the hypothesis of the thread was that ports were being punched through the router. Note that a router which refuses to pass on ports IS a firewall. And since it operates on software loaded on the router, it is a software firewall.

Reply to
Unruh

Actually, a NAT Router is better than any PERSONAL firewall solution installed on a non-dedicated computer.

Reply to
Leythos

what if your Personal Computer runs a BSD (ipfw, pf) or GNU/Linux distribution (iptables), and is there such a big difference between a firewall that has its code burned in flash (firmware) and a firewall that hooks into the tcp/ip stack of a general purpose OS?

Reply to
goarilla

As long as it is a dedicated computer and not one that users are playing/working on, then it can easily be a firewall. Checkpoint running on a Nix OS is a great example of a dedicated server class firewall - notice the dedicated.

With all that is available at a reasonable cost today, a firewall that is just a router is not really a firewall. The appliances I install can tell the difference between SMTP and HTTP or FTP and do a lot more, that's the least I would install.

This still goes back to these cheap residential units called firewalls by the marketing department - if you look up NAT, it's routing, simple and plain, not Firewalling.

Reply to
Leythos

And if you look up firewalling um... it can be implemented by.... wait for it.....

ROUTERS!

I don't dispute marketing departments being very prone to overblowing capabilities of many devices, but show me a good citation from a widely known source for "firewall" implying or requiring all the things you include in your definition.

Point is, it's not nearly as narrowly defined as you seem to require.

No doubt a "firewall" appliance that implements IPS, IDS, allows no traffic by default, has the ability to provide a higher level of security than your garden variety broadband router for the home office market, but... that does not mean the latter class of devices don't also fit the definition of firewall. They're just lesser firewall appliances.

Reply to
Todd H.

Firewalls can route, routers are not firewalls.

I'll give you that, but people seem to think a firewall will protect them from many things that these NAT Routers don't protect them from, and a firewall appliance can and does protect them from.

Reply to
Leythos

And now you are going to tell us what the difference is between a NAT router that rejects all incoming unsolicited connections, and a firewall that rejects all unsolicited incoming connections. It is certainly true that a firewall can be a slightly less blunt instrument, and can reject or accept more subtly than a NAT router can, but IF that router is set up not to do any port forwarding, then it is also a firewall set up to reject all incoming connections.

Reply to
Unruh

There are two major differences:

  1. NAT is not designed to work as a security solution.
  2. Depending on the implementation, it might forward the connection anyway without any explicit rule.

Reply to
Sebastian G.
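The second difference Sebastian lists here, and the 1:many case from his earlier post, can be made concrete with a toy model. This is an added example, not code from the thread or from any vendor: it simulates the three standard mapping policies of a 1:many NAT (full cone, address-restricted, symmetric, each with port preservation where possible) and shows which unsolicited inbound packets each one forwards into the LAN when no explicit port-forward rule exists. All addresses and ports are constructed sample values.

```python
from dataclasses import dataclass, field


@dataclass
class Nat:
    """Toy 1:many NAT. mode is "full_cone", "addr_restricted" or "symmetric"."""
    mode: str
    next_port: int = 40000                       # pool used when preservation fails
    table: dict = field(default_factory=dict)    # ext_port -> {"inside": (ip, port), "peers": set}

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """A LAN host opens a flow; returns the external port the NAT mapped it to."""
        for ext_port, m in self.table.items():
            same_inside = m["inside"] == (lan_ip, lan_port)
            # Symmetric NAT allocates a new external port for every new destination;
            # the other two reuse one mapping per inside (ip, port).
            if same_inside and (self.mode != "symmetric" or (dst_ip, dst_port) in m["peers"]):
                m["peers"].add((dst_ip, dst_port))
                return ext_port
        ext_port = lan_port if lan_port not in self.table else self.next_port  # port preservation
        if ext_port == self.next_port:
            self.next_port += 1
        self.table[ext_port] = {"inside": (lan_ip, lan_port), "peers": {(dst_ip, dst_port)}}
        return ext_port

    def inbound(self, src_ip, src_port, ext_port):
        """Internet packet to ext_port: the LAN target it is forwarded to, or None if dropped."""
        m = self.table.get(ext_port)
        if m is None:
            return None                          # no mapping and no explicit rule: dropped
        if self.mode == "full_cone":
            return m["inside"]                   # any source may reach the mapped host
        if self.mode == "addr_restricted":
            return m["inside"] if any(p[0] == src_ip for p in m["peers"]) else None
        return m["inside"] if (src_ip, src_port) in m["peers"] else None   # symmetric


def unsolicited_reach(mode):
    """LAN host talks to one peer; then other senders probe the mapped external port."""
    nat = Nat(mode)
    ext = nat.outbound("192.168.1.10", 5000, "198.51.100.7", 80)
    return {
        "peer_reply": nat.inbound("198.51.100.7", 80, ext),          # the real reply
        "same_host_other_port": nat.inbound("198.51.100.7", 4444, ext),
        "stranger": nat.inbound("192.0.2.99", 4444, ext),            # never contacted
    }


if __name__ == "__main__":
    for mode in ("full_cone", "addr_restricted", "symmetric"):
        print(mode, unsolicited_reach(mode))
```

Only the symmetric policy drops everything the LAN host did not itself ask for; a full-cone mapping created by one outbound flow admits packets from any source until it expires, which is the "forward anyway without any explicit rule" behaviour the post describes.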

No, I'm not going to go around in circles for you - you've already shown that you can't comprehend what is written vs what you think was written.

Reply to
Leythos

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.