hello all, this is my first message from my new ADSL Line, I use Repotec Router its model is: RP-IP2404A its type is: 4 port ADSL2+Router Annex A
great, i don't understand any of what i just have written, but i stil have one question ... my router contains Firewall, and i use ZoneAlarm Pro v6.5 (latest version) on my Windows XP_SP2 machine Is there any conflict between ZoneAlarm and Router-built-in Firewall ??? i think my router uses something called NAT, "Azureus told me that" thanks
There's a big conceptional difference between security through firewall, which could be partitially implemented by the router's packet filter, and f****ng up your computer using ZoneAlarm (and surfing the web with MSIE).
First: Well, i don't use MSIE, instead i use Opera 9.0 and sometimes i use FireFox. Second: ZoneAlarm fucks up my computer. Really these bad vocabulary comes out just from your mouth, instead please tell me which is better than ZoneAlarm. Please don't say "Toys" or something i used to read here from you. Also don't say Unix is the best networking system "I know all that" but my work needs MS-Windows.
No there is no conflict. The software running on the router is running on the router. The router's software is not running on the computer with the personal packet filter ZA.
The only problem there could be is if the router had a syslog and was logging sending the data to some logging program running on the computer and ZA was blocking the port, which you would configure ZA to let the router's log traffic through.
Looking it up, it seems that Torrent programs need an incoming port set.
in uTorrent, " Options, Preferences, Network and adjusting the "Port used for incoming connections " as necessary. Remember to re-adjust your port forwarding settings too. "
As it says. You will also need to set your NAT Router to forward that port.
It could be that Azureus is saying that it's a firewall in your router. It's actually referring to NAT, not the firewall there. uTorrent would have the same problem if you don't set NAT port forwarding on your router.
I had a "Home Router" that was a DLink or a Linksys , I can't remember. Perhaps both had this actually. A packet filter built in. A packet filter is - I guess by definition - a basic firewall, the most basic fundamentals of a firewall. He hasn't said one way or the other , so I wouldn't assume. But if his device says it has a firewall, which he can enable, then maybe the device isn't lying. My device did, and the default was letting out all outgoing.
A "Home Router" is a box that does routing. It's often not called a Router or ROUTER. But it is a Router, because a router is a box that does the function of routing. Even if it doesn't let you do very much / isn't very flexible in its Routing functionality e.g. letting you choose routing protocols, or doing things that a cisco router would let you do. And even though it only has one (or 2 rather) router port (the many LAN ports being those of a switch). It's still a router - it has a routing table! So it's even beyond a simple Gateway (and even a simple gateway - no routing table - is a router - I think).
Similarly with a firewall. If it does the function, that is what it is. Though one mgiht not call it a (SW) FIREWALL or "Firewall Appliance".
of course it doesn't. But some of these "Home Router and NAT Devices" also have basic firewalls built into them. Nothing to do with the NAT. As in you can specify IP ,Port,Protocol(UDP/TCP), Allow/Deny. i.e. they have a packet filter function - that's a basic firewall, the fundamentals of a firewall - built in.
Linksys BEFSR41 see user guide p28
(says it has a firewall with SPI)
The one my ISP (Zen internet) recommended and gives a warranty with, Speedtouch 546 it's pretty bad, in the the GUI configuration, talks about assigning games, and doesn't let me specify an IP. But i've heard that it's properly configurable through telnet.
And judging by how bad the GUI is, i'll bet telnet access in a necessity for anybody that wants to do anything useful with it!
So as yet, i havent' ever bought a "home router" that turned out not to have a firewall.
Now this guy actually said he had an option to Enable or Disable, what his "Home Router" called a Firewall.
So surely it's certainly wrong to assume that his "Home Router" Does not have a firewall. On the contrary, if it says it has, then i'd say - assume it has! Unlses there are many examples of "Home Routers" that claim to have firewalls and have enable/disable options but don't have a firewall [function].
Many NAT home routers have a packet filter function, and according to both your links - the vicomsoft link and the more.net link, a packet filter is a type of firewall.
Lots of "home routrs" that i've encountered have had them, in my post to Leythos I listed many typical ones.
If his NAT router says "enable firewall" or "disable firewall" then I suspect it has a firewall - a packet filter - all firewalls do at least that, the one there probably does only that, as is typical in NAT routers..
Though I seriously doubt that is what is causing the problem. I think it's just NAT forwarding not set up - nothing to do with the firewall.
IPsec a packet filter on the Win 2K, XP O/S and Win 2K3 server is not a FW but it acts in a FW like manner. But it's not a FW solution. They don't call it a FW.
If it can't stop outbound, then it's not a standalone FW solution. It doesn't mean the a router as a border device cannot be part of a total FW solution.
I guess he didn't respond because this has been discussed over a 1,000 times in the NG.
I disagree. I had a NAT router that had SPI. It was called a FW device, because the manufacture called it that. But that doesn't mean it's a FW device. I have seen the ones that have the FW enable disable function. None of them are packet filtering FW routers. And just because a router has NAT and some other packet filtering features, it still is not a standalone FW solution.
Just because someone put a label called Firewall with a check box next to it in the Admin firmware program of the router does not make the device a FW solution.
The OP's major question was with the NAT router and ZA and would they conflict. The answer is no other than what I have stated.
If the other program needs ports open on the router, the the same ports will need to be open on the personal packet filter ZA.
I suggest that you go back and read the links again looking at the OSI model that a FW solution that works in the various layers of the OSI model.
Some NAT router for home usage that has NAT, maybe SPI, some on/off switch and a little filtering are not FW solutions.
I suggest that you read all the information in the links provided and not what you want to read.
I wasn't asking why he didn't respond. My point was that there's a list of them there. But to your poitn hat this has been discussed before. Ih aven't seen any such discussion get off the ground.
I had a DLink DSL 504 Home Router. It had a packet filter on it. i.e. it blocked incoming and outgoing given ip, ports. It is precisely what those links you have call a packet filter firewall.
Now, I am not calling that device a FIREWALL or Firewall Appliance or Firewall Solution.
To say it's not a firewall when it has a firewall function, does not make sense. I'd say it is a firewall if it has that function. Your links call a packet filter, a firewall.
This is not like the example you have of a thing that didn't block outgoing and thus is not a firewall.
it referred to packet filter firewalls. It spoke of being able to accept all packets except certain ones. And denying all except certain ones. I couild do all that with that cheap home router, the DLink DSL
504. Specifying Ip, Port, Protocol, Allow or Deny.
you say to look at the OSI layer picture. For what? The first link(vicomsoft) is inaccurate. The second link has it right. a packet filter is really at the network layer and the transport layer(at least a little at the transport layer). Looking at the ports at the transport layer. But how is that relevant to you saying that the packet filter I describe is not a firewall? or that the packet filtering is so lmited that it isn't a firewall.
On the contrary, that first link limits packet filtering to te extent that it only shows it at the network layer!!!! So the packet filter I describe is certainly a firewall, operating at the network layer, and the transport layer.
Point 7 of that first link classifies the packet filtering firewall I desceribe as a packet filtering firewall. What is there in that link that indicates that it's not a firewall?
Onto the second link - which I think comes closer to saying it's not a firewall. But certainly doesn't say that. It says "Packet filtering rules or filters can be configured to allow or deny traffic based on one or more of the following variables:
Source IP address Destination IP address Protocol type (TCP/UDP) Source port Destination port "
The DLink I refer to did ALL THAT.
Now here is where the misunderstandingseems to be On the second link
The article says "One technology that is commonly thought to act as a firewall solution is Network Address Translation (NAT). "
I am not claiming that a NAT is a firewall solution . Was that what some think I wasn't reading?
You might be arguing that a firewall ir used in conjunction with NAT, is not a firewall. But who says that?
That's regarding the home router, and I think other typical ones I listed in the post to Leythos.
Regarding the PFW is not a firewall A stronger argument might be that a PFW is not a firewall- That may be a stonger argument. Perhaps. But i'm not convinced by that argument I notice that second link says that a "personal firewall" is not a firewall, because it doesn't block outgoing. And only provides protection to a single device, not between the device and a network It says "Personal Firewalls Another technology commonly called a "firewall" and marketed as something that will provide security for a network is the personal "firewall." A personal firewall provides protection to a single device (typically a personal computer) from an untrusted network (typically the Internet). Again, when compared to the firewall definition, personal firewalls do not meet the criteria. They do not control access between two networks; they control access to one specific device. "
So they think
1 it only protects a device
it doesn't protect the untrusted network - e.g. the internet
Well suppose I have a computer with a few Network Interfaces, acting as a switch or hub. And I have a good host based firewall, like WIPFW, or a configurable PFW installed (in theory, a PFW should be able to do the basic packet filtering that WIPFW can do). It could protect not just a single device, but a network from incoming attack. And regarding outgoing, it can do so as a packet filter would. The only problem is that it can be circumvented by malware or a cracker user. But I don't see in the criteria that a firewall that can be circumvented is not a firewall.