Firewall on the Linksys BEFSR41 Router

Discussion in 'Windows Desktop Systems' started by Heeter, May 18, 2003.

  1. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    Hi Guys,

    I recently purchased and installed this router for my home network, I have gone up and down the owner's manual, but nothing tells me on how to setup the firewall. Is the firewall already installed and working? Is this what everyone calls a hardware firewall? Can I safely remove the software firewalls in each of my towers now? Do I need a firewall on the one tower that has my FTP and Web Server? By disabling the "DHCP" for the FTP and WEB servers, will I need a firewall for the other towers? This router thing is new to me. Thanks in advance.....


    Heeter
     
  2. Smokie

    Smokie A Proud Australian

    Messages:
    437
    Location:
    Townsville, Qld, Australia
    Heeter, you can safely take the software firewall off as the built -in router's firewall is already working. The routers firewall will protect all the systems that are connected to it.
     
  3. Perris Calderon

    Perris Calderon Moderator Staff Member Political User

    Messages:
    12,332
    Location:
    new york
    and I dissagree, with preferring the hardware over the sofrtware firewall.

    the hardware will help prevent hacks to your box, this is true, but it doesn't prevent outgoing activity, and that is very important.

    one or the other, the software is the better choice.

    I know this goes against common advice, but this looks to me to be self evident
     
  4. Zedric

    Zedric NTFS Guru Folding Team

    Messages:
    4,006
    Location:
    Sweden
    True that, the router won't protect from outgoing traffic (trojans and so on) but if I had to choose (and I sorta did) I'd use the hardware for various reasons. Having both is of course safer.

    Note however. You are never SAFE(tm) just because you have a firewall or two. Firewalls often cause a sense of false security. It's not an excuse not te be careful. :)
     
  5. Perris Calderon

    Perris Calderon Moderator Staff Member Political User

    Messages:
    12,332
    Location:
    new york
    good post zedrick.

    my personal choice if I could only have one though would be the softare, though the hardware as you say is supposed to give greater protection against hacks.

    my philosophy is as follows;

    if a haccker is so sophisticated as to be able to crack my state of the art software firewall, then he will no doubt have the tools and gumption to thwart any router.

    so I'll take the added protection of outgoing information as the deciding choice.

    personally, I use both
     
  6. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    Thanks for the replies....but how can I share between computers if software firewalls are involved, Can I configure the software versions to do file sharing?


    Heeter
     
  7. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    Thanks Enyo

    My Sygate Firewall should do the trick. I guess I will go look inside it and see what I can do with that program.


    Heeter
     
  8. Perris Calderon

    Perris Calderon Moderator Staff Member Political User

    Messages:
    12,332
    Location:
    new york
    heeter...try the kirio...around three mbs of ram, versus I forget...9mbs to thirteen I think for sygate, my former favorite

    kirio is a much cleaner code...give that a go
     
  9. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    Okay thanks.

    Will try Kerio, can i adjust ports on kerio?


    Heeter
     
  10. Perris Calderon

    Perris Calderon Moderator Staff Member Political User

    Messages:
    12,332
    Location:
    new york
    oh yea...eminently rule based, though the default is plenty secure.

    try the kirio forum for exactly what your personal needs are...pretty good support board
     
  11. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    Thanks Dealer.....


    Heeter
     
  12. jonifen

    jonifen pffff...

    Messages:
    705
    I looked into this, and if you only have the router, no incoming attacks can get through to the machines which is what you need. However, things on the client machines can still talk out - although its probably not as likely that the machine will be compromised as for outsiders to connect to a trojan on a client machine, a port will need mapped through to a client machine.

    I find it a lot easier to map through what ports are needed - and for generic blocks of ports (i.e. for DCC on mIRC), check a port list to see which ones are not used to ensure you dont cause your client to become more vulnerable to the outside.

    Look here for a port list: http://www.iana.org/assignments/port-numbers

    be aware, its quite a big page - but should load quick as its only text.


    edit: ive got the same router myself (as you can see on my sig), and I have norton antivirus which always auto-updates. Plus, I download/run things with some common sense in mind so I tend to not have problems with things and finally, I scan regularly with AdAware Professional 6.

    However, it is easier for the user to use a simple software firewall, and kerio is apparantly very good.