Configuring Hardware Firewall

Discussion in 'Networking (Hardware & Software)' started by Christer, 2005/10/31.

  1. 2005/10/31
    Christer

    Christer Geek Member Staff Thread Starter

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Hello all!

    A friend of mine has bought a ZyXEL P-334WT wireless broadband router and firewall. One or two computers will be 'hard wired' and one or two computers via wireless. I'm in the middle of it, trying to get it to work but being the lazy bugger I am, I ask questions on the Windows BBS ...... :eek: ...... rather than reading the 456-page User's Guide.

    Regarding the encryption, I believe that 64-bit WEP is good enough for home use. It is only there to prevent totally free access to the network by anyone 'driving by'.

    Regarding the firewall, there are a lot of settings and the user would need a degree in 'mumbo-jumbo' to understand it and get it right. The question is what level of protection will be the result of simply enabling the firewall with default settings (whatever those are)?

    Firewall rules;

    - LAN to WAN, default is to forward all traffic. Certain traffic can be blocked. Is it a consideration for the home user?

    - WAN to LAN, default is to block all traffic. Certain traffic can be forwarded. Is it a consideration for the home user?

    - I understand the latter rule as 'inbound traffic which is not the result of a request from a computer on the LAN' being blocked, right?

    Thanks for your time,
    Christer
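
The two default rules listed in the post above, modelled as a small stateful packet filter. This is an added example, not part of the original posts and not the ZyXEL firmware's logic; the class and function names are hypothetical, the addresses are constructed documentation addresses, and NAT is left out so that the connection-tracking step is visible on its own.

```python
from dataclasses import dataclass

# Default policies as quoted in the post: LAN->WAN forward, WAN->LAN block.
DEFAULT_POLICY = {("LAN", "WAN"): "forward", ("WAN", "LAN"): "block"}


@dataclass(frozen=True)
class Packet:
    in_zone: str   # zone the packet arrives from: "LAN" or "WAN"
    proto: str     # "tcp" or "udp"
    src: tuple     # (ip, port)
    dst: tuple     # (ip, port)


class StatefulFirewall:
    """Toy model: zone-pair default policy plus a connection-tracking table."""

    def __init__(self, policy=DEFAULT_POLICY):
        self.policy = dict(policy)
        self.flows = set()  # flows that were allowed to start: (proto, src, dst)

    def handle(self, pkt):
        out_zone = "WAN" if pkt.in_zone == "LAN" else "LAN"
        # A packet that mirrors a tracked flow is a reply to a request that
        # was already allowed, so it passes whatever the zone default says.
        if (pkt.proto, pkt.dst, pkt.src) in self.flows:
            return "forward (reply)"
        verdict = self.policy[(pkt.in_zone, out_zone)]
        if verdict == "forward":
            self.flows.add((pkt.proto, pkt.src, pkt.dst))
        return verdict


def demo():
    """Run four constructed packets through the default configuration."""
    fw = StatefulFirewall()
    pc = ("192.168.1.33", 50000)        # constructed LAN host
    web = ("203.0.113.10", 80)          # constructed WAN server
    stranger = ("198.51.100.7", 4444)   # constructed unrelated WAN host
    return [
        fw.handle(Packet("WAN", "tcp", web, pc)),       # no request made yet
        fw.handle(Packet("LAN", "tcp", pc, web)),       # LAN host opens a connection
        fw.handle(Packet("WAN", "tcp", web, pc)),       # server answers that request
        fw.handle(Packet("WAN", "tcp", stranger, pc)),  # unsolicited inbound
    ]


if __name__ == "__main__":
    print(demo())
```
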
     
  2. 2005/10/31
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    I agree about the use of WEP.

    The firewall defaults are basically the same as the XP-SP2 firewall defaults. If those are OK for the user then you are good to go.
     
    Newt,
    #2

  4. 2005/10/31
    Christer

    There is a software firewall (NIS) behind the router and I guess that the hardware firewall is not considered to be the 'primary' but an additional layer of protection. Dispensing with the software firewall would not be an option unless the user knows how to properly configure the hardware firewall.

    The main issue is to get two to four computers to share a broadband connection. The ISP identifies the user by the MAC address of the NIC. I didn't know of that possibility and it took a while before I found out that the MAC address of the 'licensed computer' had to be transferred to the router ...... :eek: ...... can you tell that I'm new at this?

    Christer
     
  5. 2005/10/31
    Newt

    I was only comparing the defaults on the hardware firewall to the ones you find in the XP SP2 software version rather than suggesting you avoid using any firewall(s) you have.

    If they have NIS then I would keep the hardware one enabled for inbound traffic since it is less likely to ever be disabled by a critter. Outbound and unless you match the hardware rules to the ones in NIS, stuff will quit working.

    Without knowing the specifics of the ISP's operations it's impossible to give you THE answer but in general,
    - some ISPs will auto-change to the router's MAC if you boot the cable modem while the router is not connected then connect it.
    - other ISPs will only do the change manually and you'll have to contact them to say you have a new device with a different MAC.

    Note that some ISPs don't want you to be able to use a router with NAT to run multiple PCs and can recognize a MAC address as belonging to a certain make of hardware so they can refuse.

    Best idea if your device supports the feature is to figure out what MAC the ISP has registered (from the NIC of the first PC to connect) and then Clone that address so your router makes the ISP see the MAC it expects rather than the actual router MAC.
     
    Newt,
    #4
  6. 2005/10/31
    Christer

    I understand this as the hardware firewall blocking all inbound (default) will take most of the work load off NIS and the hardware firewall forwarding all outbound (default) will not interfere with NIS.

    I was at my friend's place (some 150 km away from my home) one evening during the weekend and neither did I know the specifics of the ISP's operations at that time. I tried booting the modem-router-computer in all permutations of order but no success.

    My research of yesterday revealed that it had something to do with the MAC address. The FAQ's at their website had a note that a new NIC would equal a new MAC address and a fee would be charged to change the one logged with them (necessary to make it work again). That's when I started reading a few of the 456 pages in the manual and found out about 'spoofing' the MAC address from the computer by telling the router the IP address of said computer. I have worked out instructions on how to do it and mailed to my friend. Have not yet heard of the success ...... :rolleyes: ...... or otherwise.

    Thanks for confirming what I thought that I 'knew'!

    Christer
     
  7. 2005/10/31
    Newt

    Glad to 'help' even if it only amounted to confirmation.

    The spoofing/cloning bit should work.

    When broadband was fairly new in the US most of the ISPs wanted you to pay for each PC you connected and they hated the idea of a router /w NAT since that meant you were somehow cheating them of $$$. The MAC thing and a charge for changing was common even though it is about a 5 second job for a tech at the ISP.

    These days I don't think many of the major ISPs are even trying it. They will simply use whatever MAC presents itself and they understand that bunches of us are running NAT'd routers.
     
    Newt,
    #6
  8. 2005/11/01
    Christer

    Newt,
    your help was more than confirming my findings!

    It's difficult to help people with an issue that you know 'nothing' about and have to research, especially when you do it from a distance via e-mail. Your information indicates that I'm not leading my friend astray.

    The fact that the ISP charges something like $30 to change the MAC address means that a new computer would invoke that cost. It wouldn't even be possible to own two computers, e.g. one desktop and one laptop and connect them alternatingly to the internet.

    I've read a bit more in their FAQ's and they do recommend a router to be able to connect more than one computer.

    I have also searched the Windows BBS and found Router, NAT, Firewall discussion which was written by a distinguished member of the staff. Very informative and I believe it answers most of my questions. I'll have to reread it though!

    Christer
     
  9. 2005/11/01
    Newt

    Distinguished? Curmudgeonly old buzzard, more like. :D
     
    Newt,
    #8
  10. 2005/11/01
    Christer

    Well,
    I was in grovelling mode ...... :p ...... !

    Christer
     
