Security, a router and a hacker.


surrealchereal
03-06-2002, 2:26 PM
The idea of a router as a firewall doesn't make sense to me.
If you have a router, it's pretty common knowledge what IPs it assigns or the limited range you can assign to your computers.
If you have open ports for some of your network to FTP, NetMeeting or whatever, those ports are pretty common knowledge too.
So why would a router be more secure than a software firewall, since someone probing for IPs should easily be able to spot the router behind your IP?
Actually, why doesn't, say, the cable company spot it? Is that because of the MAC address? Mine sure doesn't look like an IP address.... :confused:


Now be gentle with your answer, I am the President of the Moron's Club, in case you didn't know! :D

Mntsnow
03-06-2002, 3:32 PM
A NAT router can work as a "poor man's" firewall, due to the fact that you DON'T have to use standard ports for things such as FTP, which is "normally" port 21 (you know from personal knowledge that MY FTP doesn't run on port 21). Also, I know that you have the Linksys router, which by default uses 192.168.1.1 and so on... well, my "private LAN" doesn't run on that IP range :) you can change it (within the "private IP ranges").

Truthfully, if you want a full-blown firewall you have to be prepared to spend the money for "business class" hardware and software... But in the same breath I will say that a NAT type router will stop 99.9998% (just a guess) of the "script kiddies" when you set up your "NAT firewall" and DON'T open any ports up. ANY time you open up ports you increase your chances of getting hacked. (That is why my WEBSERVERS are NOT part of my private LAN!)

surrealchereal
03-06-2002, 9:19 PM
(That is why my WEBSERVERS are NOT part of my private LAN!)
Well, there ya go! :D
But since I do have to have ports open, I have the one computer with the open ports out of the DMZ; that's supposed to help, right?

GroundZero3
03-09-2002, 12:59 PM
Originally posted by surreal:
(That is why my WEBSERVERS are NOT part of my private LAN!)
Well, there ya go! :D
But since I do have to have ports open, I have the one computer with the open ports out of the DMZ; that's supposed to help, right?


DMZ opens that one computer to the internet completely. I have my FTP open with DMZ and have ZoneAlarm running on it just in case.

Quote from Linksys on DMZ:

Demilitarized Zone (DMZ) allows one IP Address (computer) to be exposed to the Internet. Some applications require multiple TCP/IP ports to be open. DMZ allows just one computer to be exposed for that purpose. You should set your computer with a static IP if you want to use DMZ.

Note - Assigning a machine to the DMZ poses many security risks. You should disable file and printer sharing as well as get a software firewall with application rules for this machine.

Very interesting link I came across as I was typing this:

http://searchsystemsmanagement.techtarget.com/originalContent/0,289142,sid20_gci809290,00.html

surrealchereal
03-09-2002, 1:23 PM
Demilitarized Zone... geez, I thought that's just a name I made up when I saw the acronym :) and as usual it's my dyslexic speech.

Hmmm, but why did I have to go to the trouble of the port forwarding dance if I did the DMZ thing?... Oh well... Maybe I didn't and did it just for fun.. :rolleyes:

That is an interesting link.. thanks :)

Oh, and glad to see you over here, guy :D

Mntsnow
03-09-2002, 2:00 PM
Yes, you went through the port forwarding thing for nothing if you ended up placing the computer that was listed in the forwarding section into the DMZ :)

You only needed to do one or the other...not both :)

GroundZero3
03-09-2002, 2:13 PM
Yeah, funny thing, I got this account way back when and completely forgot all about it.

The reason why you have to forward the port is because you are behind the router along with other computers, so the purpose is that the router knows which computer needs the info.

Say, for example: I have a computer set up to serve out movies and I'm behind the router. Right now I have 8 computers connected through the router to share internet. I use port 666 for people to connect to my FTP, so I would have to forward port 666 to the computer that is running the software. When the router gets the request to connect, it will look for which computer is set up to use port 666. If you don't have it forwarded, the router will bounce back and say "hey, I have no idea where this connection is coming from nor where it's going, since I have 8 other computers".

Hope that explains it better. It's also known as passive mode with FTP progs.


Edit* Hrm, I'm sure I thought you needed to forward a port with DMZ host. IDK, I need to research now!
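Added example, not from the thread or from any router vendor: a small Python model of the NAT router GroundZero3 describes, showing that an unsolicited packet reaches a LAN host only through a port-forward entry or the DMZ host, while a reply to a connection the LAN started needs neither. Host names, ports and the rule that an explicit forward beats the DMZ host are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatRouter:
    forwards: dict = field(default_factory=dict)   # public port -> LAN host
    dmz_host: Optional[str] = None                 # host exposed on every port
    # connections started from the LAN: (remote ip, remote port, public port) -> host
    state: dict = field(default_factory=dict)
    next_port: int = 40000

    def forward_port(self, public_port: int, lan_host: str) -> None:
        """Port-forwarding entry, like sending port 666 to the FTP box."""
        self.forwards[public_port] = lan_host

    def set_dmz(self, lan_host: str) -> None:
        """DMZ host: every port without an explicit forward lands here."""
        self.dmz_host = lan_host

    def outbound(self, lan_host: str, remote_ip: str, remote_port: int) -> int:
        """A LAN host opens a connection; the router remembers it (no forward needed)."""
        public_port = self.next_port
        self.next_port += 1
        self.state[(remote_ip, remote_port, public_port)] = lan_host
        return public_port

    def inbound(self, remote_ip: str, remote_port: int, public_port: int) -> Optional[str]:
        """Where an inbound packet goes; None means the router drops it."""
        # 1. a reply to a connection a LAN host started gets through
        host = self.state.get((remote_ip, remote_port, public_port))
        if host is not None:
            return host
        # 2. unsolicited traffic: an explicit forward wins (assumed precedence)
        if public_port in self.forwards:
            return self.forwards[public_port]
        # 3. otherwise the DMZ host takes it, whatever the port
        if self.dmz_host is not None:
            return self.dmz_host
        # 4. nothing listed: "no idea where it's going", so drop it
        return None

def exposure(router: NatRouter, remote_ip: str, ports=range(1, 1025)) -> dict:
    """Map each probed port to the LAN host it reaches, skipping dropped ones."""
    hits = {}
    for port in ports:
        host = router.inbound(remote_ip, 51000, port)
        if host is not None:
            hits[port] = host
    return hits
```

With only the forward for 666, `exposure` reports one reachable port; once a DMZ host is set, every probed port reaches that machine, which is the "opens that one computer completely" point above.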

surrealchereal
03-09-2002, 2:13 PM
Hmm, I would think the port forwarding would be just a tiny bit better, or is that a ridiculous thought with so many of the ports that are open, only about 63,000. I assume it's because NetMeeting has dynamic ports; I assume that means they open and close all the time for security? Seems like there should be a better way to do it...

Edit:
I have everything working, GZ. I just think that it's common knowledge what a cable company's IPs are and what a router's default IP is; seems even though I'm behind the NAT it wouldn't be too tough to find me..

smokin
03-21-2002, 9:47 PM
It's not the IP that is the problem.. it's how to connect to it. An open port in itself isn't such a bad thing.. heck, we all have port 80 or 8080 open to even connect to the net.. the defense is in permissions as to what that port allows.. and no.. to find you is a piece of cake.. just send an email from your own computer, and that is pegged.. it's what your firewall does with the outside requests that would be the issue.

Mntsnow
03-21-2002, 9:59 PM
You got it nailed there, Smokin!
it's what your firewall does with the outside requests that would be the issue

surrealchereal
03-22-2002, 4:00 PM
it's what your firewall does with the outside requests that would be the issue
OK, here we go, you've opened a can o' worms, smokin'

:D :D

So what are the different permissions? And how do you use them??

smokin
03-22-2002, 5:54 PM
LOL
Are you prepared to do a lot of reading, surreal?
This is a good start for you
:)

http://www.linuxjournal.com/article.php?sid=3546

The basic firewall setup I use is locked pretty tight. The more services you allow, the less secure the box will be,
i.e.
adding telnet, ftp, etc.
The above article will give you an idea of how to keep a reasonably tight ship.
:)

surrealchereal
03-23-2002, 12:35 AM
OK, so you're talking about setting up a box as a firewall.
:D I think it can be pretty tight using a NAT and the way the network is networked, and I think I have most of the stuff to do it...
Yep, you're right, I'm not ready for that :D

(Although I have the equipment to set up a Linux box sitting at my feet.... ) ;)

smokin
03-23-2002, 12:49 AM
Well.. unfortunately.. a lot of reading is the only way to secure a network. There are no quick fixes.. having said that.. the router you have is fine for the most part.. as it is for most users. Just remember that the more you add to that Linksys in the way of services, the less effective it is.
:D

surrealchereal
03-23-2002, 6:30 PM
Yeah, I know... :D
Like when I use NetMeeting! :D