
Router, NAT, Firewall discussion *Clarified*

Discussion in 'Networking (Hardware & Software)' started by TonyT, 2004/02/09.

Thread Status:
Not open for further replies.
  1. 2004/02/09
    TonyT

    TonyT SuperGeek Staff Thread Starter

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    There are a few errors in Newt's thread stuck atop this forum. I will attempt to clarify some of them and perhaps Newt can edit his thread to reflect the corrections.


    re NAT Section of thread:
    Not all devices using NAT store or maintain a database of packets that pass through the device. Some devices operate on the premise that if the packet originates locally then there is no need to 'keep tabs' on it.

    re Firewalls Section of thread
    The post states:
    So if your PC is 192.168.0.10 and outbound HTTP packet will be from 192.168.0.10:80 and the entire address including port number is necessary.

    The above is incorrect. The outbound packet from your computer will never be on port 80 or port 21. Those are the open ports on the server. Client computers originating outbound connections generally grab any free port above 1023 as their "source port" and specify the destination machine's IP address and the destination port for the service they wish to solicit from the remote machine.

    example:
    You want to view a page here at win-help. You open your browser and click a bookmark that takes you here. Your browser sends packets FROM your computer port 1023 TO port 80 here at the win-help server. Port 80 is the standard port used for www servers. The win-help server does not send packets back to you on its port 80 and you do not receive packets on your port 80.


    re Routers Section of thread:
    A router is not a firewall. A cable/dsl router/gateway with NAT IS a firewall. These devices vary in features.

    Hardware Firewalls:
    A hardware firewall is a separate dedicated device used for detecting and stopping unauthorized access to computers it is set up to protect. A cable/dsl router/gateway with NAT is a hardware firewall.

    Some hardware firewalls also include additional firewall features such as SPI (Stateful Packet Inspection), reverse lookup & logging, antivirus etc etc, all the bells and whistles seen in common software firewalls such as Zone Alarm and others. These features generally are not available in products for the home user and are used commercially as they are expensive. Some home user devices have built in features to integrate with a home user software firewall.

    In short, a hardware firewall is basically nothing more than a tiny computer, using a hard drive or RAM or ROM, and is dedicated to a small amount of tasks such as protecting the computers connected to it. Any home computer can be made into a hardware firewall by installing certain software applications and network cards and configuring it to protect the network. It can even be made to perform exactly like a cable/dsl router and do the job just as well, if not better.
     
  2. 2004/02/10
    Dennis L Lifetime Subscription

    Dennis L Inactive Alumni

    Joined:
    2002/06/07
    Messages:
    2,557
    Likes Received:
    2
    Thank you TonyT and Newt for sharing your knowledge.

    One can assume over time, home use routers will provide full firewall features. Currently most routers have NAT, which gets along with software firewalls very well. As more firewall features are provided via the router, could they start interfering with features provided by their software cousin?
     
  4. 2004/02/10
    TonyT

    TonyT SuperGeek Staff Thread Starter

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    There's no need for a software firewall when using a hardware firewall. Some folks still use both because the majority of home routers w/ NAT do not monitor outbound traffic, and this is of concern to those worried about email worms and spyware.

    However, there's still no need for the outbound monitoring unless one may be on a network and does not readily have the needed control over what other clients are doing. And if one's hardwall does have the bells & whistles (additional firewall features like SPI), then there's no need for a softwall at all and possible conflicts can result, speed degradation as mentioned in Newt's post etc etc.
     
  5. 2004/02/10
    Dennis L Lifetime Subscription

    Dennis L Inactive Alumni

    Joined:
    2002/06/07
    Messages:
    2,557
    Likes Received:
    2
    It is this transition period (example D-Link's 604 firewall options page) which blurs the average user's understanding of what is or is not included in "additional features". I relied on NAT/router when first upgrading to broadband. Web based port testing assured me my ports were in "stealth mode". Then "call home" activity became an issue, so I installed a software firewall. This is a typical migration for many of us. As new featured routers are released, how will average users determine if software firewalls should be "installed or uninstalled"?
     
  6. 2004/02/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    This is why, even though I do have a router with NAT and SPI, I will continue to use a software firewall and have control over what does and doesn't connect to the internet. Call home programs will appear to the router as valid requests and therefore be allowed.
     
  7. 2004/02/10
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    Just plain discussion.

    I am guessing ( assuming ) that this may well be the difference between my old Linksys Router and the New D-Link Router.

    Referring to Links 2003. The Linksys says Hey OK. This guy started the link so it is OK to let it go.

    The D-Link just plain says NO WAY. It is also doing the same to a couple of LAN games.

    I just got a new Linksys Router/4 port Switch today so I will be testing it today or tomorrow.

    That my Friend is a VERY GOOD question.

    And I myself do not think there is any way to find out other than on the spot testing. Reading log files etc.

    I myself like to have a Software Firewall. That way if it is behaving properly I will ( or at least should ) know more about what may be trying to get outta here.

    One of the Kids was on the Internet the other day. She asked if she could try a certain Web Site. I said yes but I was watching all the way. I did see the words ( DOWNLOADING ) while the site was coming up. No sooner had the site come up on the screen something from it wanted to go right back out. ( something to do with Kazaa I think ) After close inspection I told Kerio to say NO WAY.

    BUT. If a LAN is involved such as I have I think a Software Firewall may be good to have. No machine can get to my machine unless I grant it permission via Firewall Rule settings. One machine may let the request go out. But I can say NO on this end.

    So could it be that whether to or not to may depend on the individual setup and how it is used ?

    And most certainly user preferences.

    From what I have learned so far I believe I prefer a Router without a Firewall as I believe I have more control with a Software FW. Don't know 100% for sure. Gotta do some more work.

    BillyBob
     
  8. 2004/02/10
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    TonyT - thanks for the information. I will certainly correct goofs in the original post. It does look like I was confused on a couple of points. Have to give some thought about how to best rephrase the 'firewall' part so it is accurate but will make the differences clear to networking novices.

    One item that puzzles me though. You said, "Not all devices using NAT store or maintain a database of packets that pass through the device. Some devices operate on the premise that if the packet originates locally then there is no need to 'keep tabs' on it. ".

    How would a return packet in this situation get back to the originating PC? I could understand if it were a single user NAT feature (and there may even be some of those - I have no idea) but if there are multiple devices behind your NAT device and no good way to track the originating PC, I can't think of any option other than all returns being broadcast to see who wants them and that doesn't sound reasonable even if possible.
     
    Newt,
    #7
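    The question above (how a reply finds its way back to the right PC when several machines share one NAT device) and TonyT's earlier point about source versus destination ports can both be seen in a small model. The following Python is an added illustration and is not part of the thread or of any router's code: the addresses, ports, and the `Client` and `NatGateway` classes are constructed for the example. It shows each LAN host choosing an ephemeral source port above 1023 while the well-known port (80) is only ever the destination, the gateway recording a translation-table entry for each outbound connection, replies being delivered to whichever host solicited them, and an unsolicited packet to the public address being dropped because no entry matches it.

```python
"""Toy model of a home NAT/PAT gateway: ephemeral source ports and a translation table.

Added illustration, not from the thread. All addresses, ports and class names
are constructed for this example.
"""
import itertools
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Client:
    """A LAN host that grabs a free ephemeral source port (> 1023) for each connection."""

    def __init__(self, ip: str, first_port: int = 1024):
        self.ip = ip
        self._ports = itertools.count(first_port)

    def connect(self, server_ip: str, service_port: int) -> Packet:
        # The well-known service port (80, 21, ...) is the DESTINATION;
        # the client's own port is just the next free ephemeral one.
        return Packet(self.ip, next(self._ports), server_ip, service_port)


class NatGateway:
    """Port-address translation: one public IP shared by many LAN hosts."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        # translation table: public port -> (LAN ip, LAN port)
        self.table: Dict[int, Tuple[str, int]] = {}
        # reverse index so a host reusing the same source port keeps its mapping
        self._reverse: Dict[Tuple[str, int], int] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the LAN source to the public address and remember the mapping.

        Nothing outbound is blocked: a basic NAT box does not judge what leaves,
        which is why the thread's posters still run a software firewall for that.
        """
        key = (pkt.src_ip, pkt.src_port)
        if key not in self._reverse:
            public_port = next(self._ports)
            self.table[public_port] = key
            self._reverse[key] = public_port
        return Packet(self.public_ip, self._reverse[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Deliver a reply to the LAN host that solicited it; drop anything unsolicited."""
        entry = self.table.get(pkt.dst_port)
        if entry is None:
            # No table entry: nobody inside asked for this, so it is dropped.
            return None
        lan_ip, lan_port = entry
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)


def reply_to(pkt: Packet) -> Packet:
    """The server answers FROM its service port TO the address and port it saw."""
    return Packet(pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)


def demo():
    """Two PCs behind one gateway fetch a page from the same web server."""
    nat = NatGateway("203.0.113.5")          # constructed public address
    pc_a = Client("192.168.0.10")
    pc_b = Client("192.168.0.11")
    server = "198.51.100.20"                 # constructed web server address

    out_a = nat.outbound(pc_a.connect(server, 80))
    out_b = nat.outbound(pc_b.connect(server, 80))

    # Both replies arrive at the public IP; the table tells them apart.
    back_a = nat.inbound(reply_to(out_a))
    back_b = nat.inbound(reply_to(out_b))

    # An outside host poking port 80 on the public IP matches no entry.
    probe = nat.inbound(Packet("192.0.2.99", 5555, nat.public_ip, 80))
    return out_a, out_b, back_a, back_b, probe


if __name__ == "__main__":
    for p in demo():
        print(p)
```

    Both PCs use source port 1024 on their own side, which is fine because the gateway keys its table on the public port it hands out, not on the client's port alone. The same model also shows why SPI or a software firewall adds something: `outbound()` never refuses anything, so a "call home" program's traffic looks exactly like the browser's.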
  9. 2004/02/10
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    :)-I could not wait any longer.-:)

    I shut everything down and hooked everything back up according to the instructions ( that is some thing new for me )-:)

    As of this point in time it seems the new Linksys BEFSR41 Router/Switch is more suited for my use.

    Once I got all machines back on ALL LAN GAMES work PERFECTLY, and FASTER immediately.

    The log file seems to report nothing about the LAN but it sure does about the Internet. It shows the address to this BBS and the port. It also shows the return info and what ports.

    I can now play Links 2001 with either machine acting as host. And even much faster than the old Linksys.

    I will not have a chance to test LS 2003 online till this evening.

    BillyBob
     
  10. 2004/02/10
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    BB - sounds like a great start. Good on ya.
     
    Newt,
    #9
  11. 2004/02/10
    TonyT

    TonyT SuperGeek Staff Thread Starter

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Well most home use router/gateways use a simple configuration table, nothing more than a few lines of text written to the router's internal memory. This table defines what to do with data that is sent and received by the various clients.

    Now, a commercial grade router, may or may not have a huge database of data (configurations-settings). These types of routers have features galore. And generally there are settings to tell the router how long to store data, types of data, data limits, spi, ids, etc.

    As you know, home routers are not that robust and all that is stored are the configs made in the control center via the browser. In fact, all the config options are stored and get overwritten when changes are made. In short, a home router's config is nothing more than a secure web site complete with cgi-bin burned to its memory.

    Yes, technically a table such as these could be classed as a database, but it's pushing it slightly because there may be only one table for all router configs. (one csv txt file or tabbed txt file)

    BillyBob-
    Looks like you have a solution now. I suggest keeping with it and ignore the other testing cause it will only lead to possible frustration and issues. Were it me, I would want to spend more time on the greens, but in your case, one who is used to the sand, you may wish to play around more with the other routers!!!!
     
  12. 2004/02/10
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    Looks like you have a solution now.

    It is looking in that direction.

    I suggest keeping with it and ignore the other testing cause it will only lead to possible frustration and issues.

    I do plan on keeping it. ( unless I get bored again :( -( But then I have had enough frustration for the time being.

    Were it me, I would want to spend more time on the greens, but in your case, one who is used to the sand, you may wish to play around more with the other routers!!!!

    I sure agree about more time on the greens.

    Instead of always teasing me about the sand etc. why do you not get Links 2003 so we can see you spend more time in the sand.

    PLUS. You may be able to help me out if I need to forward ports. Or whatever the new one does. It is different.

    GRC and Symantec report all ports to be stealthed except 113.

    Also now the game of SORRY will play via the LAN.

    BillyBob
     
    Last edited: 2004/02/10
  13. 2004/02/10
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    :):)--To whom it may concern :):)

    Links 2003 connected immediately to our Friend in Canada.

    Game seemed to go much faster and smoother.

    But I do not have a Firewall loaded either.

    So that tells me that hardware DOES play a BIG part in how things go. Newer OS and software needs newer hardware.

    And unless some unforeseen item comes up I believe things will stay as they are. It was broke. I tried to fix and made it worse. Tried one more time and it seems to be fixed AGAIN.

    Now I will go check the log and see what it tells me.

    BTW TonyT
    I did not get in the sand tonight. :p

    A happy PC Operator ( for the moment anyway )
    BillyBob
     
  14. 2004/02/10
    TonyT

    TonyT SuperGeek Staff Thread Starter

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    I DO play in sand a lot. (cause I fish a lot and set a lot of ceramic tile!)

    How to stealth port 113 using Linksys routers:

    1. Access the control center
    2. In Advanced section under Port Forwarding, forward port 113 requests to an IP that never gets used and hit the apply button.

    Here are screenshots of my settings for this in my Linksys router:

    Advanced Section

    Port Forwarding Section
     
  15. 2004/02/10
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    OK. I see that your shots were taken from what appears to be the same as my OLD BEFSR41. ( I think one of the first ones out ) But the basic settings are the same.

    The new one is VERY different. But the general ideas are the same.

    In fact on screen is even different than the printed manual. ( on the CD of course ) Sure as hello not much help there :(

    But anyhow. Things are looking up and unless I get messing around again they will more than likely stay that way.

    At least I HOPE so.

    BillyBob
     