Compatible Support Forums
SnapperOne

Software firewall w/ router; is it needed?

Have just moved from Win98Se to 2000-Pro. As part of the "upgrade" (?), networked my two PCs through a LinkSys Router/Gateway, with the general purpose being some file and printer sharing, but primarily broadband sharing.

 

On the stand-alone systems under Win98, always ran Zonealarm as a firewall. Even though my tech friend, who helped me with the router, says he has left two ports on the router open for something or another, he's suggesting that I do not install Zonealarm. He says to let the system(s) run as set up for 30-45 days to make certain everything is OK, then we can install a password on the router.

 

(1) Is it possible to effectively run a software firewall between a PC and a router?

 

(2) I don't quite understand why it's necessary to let the new OS and network run for a while, with two open ports, before slamming the door on a possible hacker by setting up a password at the router.


Well, I don't know why your friend would want to wait on the password other than for convenience for troubleshooting later on. Now, as for the firewall bit, I don't bother with one on my home network using the same router. Since it is using NAT (Network Address Translation), it's basically "security through obscurity". You can't see directly into the LAN from outside across a NAT system, since it relies on IP/port translation. But, you could take the extra step and use ZoneAlarm if you like. Plus, with ZA you get notified what apps are trying to get out as well.


I agree with clutch. I have been using a Linksys BEFSR41 for 2 months.

I do use ZA, but for blocking apps and/or trojans from calling out. (I have 5 users at my house, so can't be sure what everyone might download/install!)

 

Before I bought the router, I had at least 2 (and up to 100s) of alerts from ZA per day!

With WAN blocking enabled on the router I have about 2 alerts per month! And it's usually an ftp server trying to do a trace back.

 

P.S. Get a more thorough explanation from your friend! If he's leaving ports open so he can access it for troubleshooting from outside, what's to stop a malicious user from getting in (other than the low odds that a hacker will even find you)? And no password??!!! I'm sorry, no offense but I think that is 10 levels below dumb!


Sent an e-mail to LinkSys about using ZoneAlarm. They were less than supportive of the idea. Told them I was trying to protect two open ports; they still said, "Bad idea. The router is a firewall. There is no need for another". Interestingly enough, however, they never addressed my concerns about the two open ports. How can their "firewall" be effective if two ports are left open?

 

SnapperOne


heh. They actually told you that their router was a firewall?

 

Bwahahah. Well I guess I'll just take down my Sidewinder and just use my router then. ;(


LOL! Screw the PIX, Linksys has what I need!

 

NAT/PAT IS NOT THE SAME AS A FIREWALL! It is not the same at all, in any way. Some of the overall effects may *appear* the same, but they are not.


DosFreak.............

 

The following is an exact extract of that portion of the message I received from LinkSys that relates to firewalls:

 

"The Router already has a built-in firewall and Installing a firewall software, moreoften encountered problems regarding conflict between the router's firewall and the software."

 

 

SnapperOne


Having a running "battle" with LinkSys, ZoneAlarm, and GRC. LinkSys says don't use a software firewall with the router, so they won't provide info on how to do it. ZoneAlarm says no problem, and I should go to GRC for instructions. GRC, who has no piece in this whatsoever, says it's a good idea to run ZA with the router, but has no detailed instructions either. Ffffffffffffrustrating!


Well, I can only speculate on this, but I can see how he MIGHT leave a port open for VNC or PC Anywhere, but VNC (which I prefer) only uses one port: 5900 (by default). I had a LinkSuxs, but had to keep unplugging it in order to unfreeze it. I have since bought a NetGear RT314. It has a switch built in and provides all the firewall I need. Plus, you can telnet into it (if you forward port 23 to its IP) or forward port 80 to it and use its web GUI.

 

My suggestion... If you insist on using Linksys, put a password on it and close the ports. Unless you are running some type of server in your network that you want to access the WAN, you should have no need to forward ports. On a similar note, if you are playing any online games or Netmeeting that use random ports, put that PC on DMZ (which will bring it out of the firewall) instead of trying to track what ports each program is using. You can easily remove it from DMZ when done. If it makes you feel any better, run a firewall program while DMZ, but I wouldn't bother if you aren't.

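Editor's added example (not written by any poster in this thread, and not Linksys or Netgear code): a toy model of the router behaviour the posts above argue about, showing which unsolicited inbound packets reach the LAN with plain NAT/PAT, with a forwarded port, and with a DMZ host. All addresses and names are constructed; port 5900 is the VNC default mentioned above; the model assumes replies are accepted only from the remote endpoint the LAN host contacted, which real routers enforce with varying strictness.

```python
# Toy model of a home NAT/PAT router: outbound mappings, port forwards, DMZ host.
# All addresses, ports and names below are constructed for illustration.

class NatRouter:
    def __init__(self, forwards=None, dmz_host=None):
        self.forwards = dict(forwards or {})   # WAN port -> (LAN ip, LAN port)
        self.dmz_host = dmz_host               # LAN ip that gets all unmatched traffic
        self.mappings = {}                     # WAN port -> (LAN ip, LAN port, remote)
        self.next_port = 40000

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host opens a connection; the router allocates a WAN port."""
        wan_port = self.next_port
        self.next_port += 1
        self.mappings[wan_port] = (lan_ip, lan_port, remote)
        return wan_port

    def inbound(self, remote, wan_port):
        """Return the (LAN ip, port) that receives the packet, or None if dropped."""
        m = self.mappings.get(wan_port)
        if m and m[2] == remote:               # reply to a connection started inside
            return (m[0], m[1])
        if wan_port in self.forwards:          # forwarded port: open to ANY remote
            return self.forwards[wan_port]
        if self.dmz_host:                      # DMZ: everything else lands here
            return (self.dmz_host, wan_port)
        return None                            # no mapping: dropped

    def exposure(self):
        """List what an unsolicited outside host can reach."""
        exposed = [f"port {p} -> {ip}:{lp}"
                   for p, (ip, lp) in sorted(self.forwards.items())]
        if self.dmz_host:
            exposed.append(f"all other ports -> {self.dmz_host}")
        return exposed


if __name__ == "__main__":
    router = NatRouter(forwards={5900: ("192.168.1.100", 5900)})
    wan = router.outbound("192.168.1.101", 1025, ("203.0.113.5", 80))
    stranger = ("198.51.100.9", 4444)
    print("reply to our request :", router.inbound(("203.0.113.5", 80), wan))
    print("stranger, random port:", router.inbound(stranger, 139))
    print("stranger, forwarded  :", router.inbound(stranger, 5900))
    print("exposed to the WAN   :", router.exposure())
```

The `exposure()` list is the part a software firewall on the PC would still have to cover: a forwarded port or a DMZ host receives traffic from any outside address, not only from replies.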

CableHog....

 

Thanks for the heads-up. Will be working on the system tomorrow, and will probably close the ports and install the password. No problem with hack-attempts yet (nothing on either machine to worry about yet), but I'd just feel better closing the door.

 

SnapperOne


Always glad to be of service! Check out getting a Netgear if you are running a serious site.


cablehog.........

 

Nope, not a "serious" site; just a 2-PC peer-to-peer.

 

Originally wanted to play some head-to-head strategy games; but, since the systems are really my wife's business PCs and she/we decided to network the systems using 2000Pro, 90+% of my games don't run well or at all on the new OS configuration.

 

$500-600 worth of games just taking up space on the shelf. Have thought about buying a CompUSA, etc.....Win98 "In-Store Special" PC just for games, but have better things to do with $1000.

 

SnapperOne

