Hello, I have a computer with Vista Ultimate. I have installed PC Tools Firewall Plus and also recently got a Linksys WRT54G router. Right now I only have it wired to my desktop PC. On the box of the router it states it has "a powerful SPI firewall". How can I know for sure the router firewall is doing its job? Thanks
Run the ShieldsUP test at grc.com. If you don't pass, you may have to change some option in the router config.
I pass the GRC ShieldsUP test, but for some reason I can always pass that test even with no firewall. I must be doing something wrong. Also, what should I be seeing in the PC Tools log while behind a router?
The router will give you stealth results even without any router firewall set up. So you're good either way. As far as the PCTools firewall logs, you should see pretty much nothing there inbound, just any loggings related to outbound traffic only.
Your router blocks all the port scans, so PCTools fw will see none of it, therefore nothing to log. The only real purpose of a software fw used behind a router is for filtering outbound application attempts. Your router stops the incoming garbage (port scans and other unsolicited traffic). If you have no interest in filtering your applications, then I would suggest sticking with your router and ditching the software fw, but I would also encourage you to give the software fw at least a brief trial, if for no other reason than using it as a visual tool for learning about networking basics. Any questions you have can be answered by any number of knowledgeable folks in this forum. Hopefully you have some fun with it. BTW, try to spend some time going over the router's manual. Log into the unit's web-based GUI and look around at all the menus to see what is there, making sure you enable its wireless encryption option (choose WPA/WPA2 if available) and assign it a strong password. If you do not plan on using its wireless functionality, then see if the radio can be turned off.
Thanks guys for your help. I am new to all this. In checking the PC Tools log, it's blocking a lot of inbound from 192.168.1.1 which I believe is something from the router. In fact that's the only inbound logged. There used to be many different addresses before I installed the router, but now just from 192.168.1.1. Looks like I have much studying to do. Thanks again.
192.168.1.1 is most likely the IP of your router. IPs beginning with 192.168 are one of the ranges used for private networks, which can be anything from a single PC and router to a large business. More on Private networks at Wikipedia. Assuming that your router isn't set to forward certain ports, the only incoming that should show up in your software firewall logs are those sent by the router. Rick
Assuming you _just_ purchased a new WRT54G router recently, you should return that router. Buy a WRT54GL model instead. This can be found at online retailers like http://www.newegg.com. Why switch to a WRT54GL? The "L" designation represents Linux firmware. Initially v1-v4 of WRT54G contained Linux. As of v5 onward, Linksys switched to proprietary firmware. The proprietary firmware models tend to exhibit more problems. Additionally, the models that contain Linux firmware can be upgraded with 3rd Party firmware like DD-WRT, Tomato, HyperWRT, OpenWRT, which are by almost all accounts more stable, have more features, and have fixed issues of stock Linksys firmware. NOTE: Flashing your router with a 3rd Party firmware _will_ void your warranty. This is not meant to scare you as most users of 3rd Party firmwares do not have issues. However, you should be aware of this information.
OpenWRT and X-WRT support both WRT54GL and older versions of WRT54G. http://wiki.openwrt.org/TableOfHardware?action=show&redirect=toh
I'm replying to this with my phone so it's too big of a pain to check, but see if Wallwatcher supports this firewall. Wallwatcher is a free program to analyze your firewall logs.
It's not a worry, that's the LAN IP of the router. Most home grade broadband routers run class C internal networks such as 192.168.1.xxx or 192.168.0.xxx. By default, they all run NAT, and your computer(s) is(are) hidden from the outside world. By default, all 65,000 plus ports are not open/forwarded, so you're safe. I will never run, or support computers of clients of mine, on the internet without being behind NAT. SPI is another added layer of protection, not really anything to do with the NAT firewall. It's really an overhyped thing... just blocking of some basic DDoS attacks, examining of source of origination of traffic, etc. Having SPI on and off has zero impact on doing port security scans.
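
As an added example (not written by any poster in this thread): a way to check what the replies above describe, namely that behind a NAT router the inbound entries in the software firewall log should come only from the router's LAN address. The log layout, sample lines, and function name are constructed assumptions; the thread does not show the real PC Tools Firewall Plus log format, so adapt the regular expression to the actual export.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in a hypothetical "date time DIR ACTION src -> dst:port PROTO"
# layout; public addresses are taken from documentation ranges.
SAMPLE_LOG = """\
2008-03-01 10:02:11 IN  BLOCK 192.168.1.1 -> 192.168.1.100:1900 UDP
2008-03-01 10:02:15 OUT ALLOW 192.168.1.100 -> 198.51.100.7:80 TCP
2008-03-01 10:03:40 IN  BLOCK 192.168.1.1 -> 192.168.1.100:137 UDP
2008-03-01 10:05:02 IN  BLOCK 203.0.113.45 -> 192.168.1.100:445 TCP
2008-03-01 10:06:19 IN  BLOCK 192.168.1.23 -> 192.168.1.100:139 TCP
not a log line
"""

LINE_RE = re.compile(
    r"^\S+ \S+ (?P<dir>IN|OUT)\s+\w+ "
    r"(?P<src>[\d.]+) -> [\d.]+:(?P<port>\d+) \w+$"
)
# RFC 1918 private ranges, listed explicitly (ipaddress.is_private also
# covers documentation and other special-purpose ranges).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_inbound(log_text, gateway="192.168.1.1", lan="192.168.1.0/24"):
    """Count inbound entries by origin; return (counts, unexpected public sources)."""
    gw = ipaddress.ip_address(gateway)
    net = ipaddress.ip_network(lan)
    counts, unexpected = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dir"] != "IN":
            continue                      # skip outbound and unparseable lines
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue                      # e.g. an octet above 255
        if src == gw:
            counts["router"] += 1         # expected: the router's own LAN traffic
        elif src in net:
            counts["lan_host"] += 1       # another machine on the same LAN
        elif any(src in n for n in RFC1918):
            counts["other_private"] += 1  # private, but not this LAN
        else:
            counts["internet"] += 1       # reached the PC from outside the NAT
            unexpected.append((str(src), int(m["port"])))
    return dict(counts), unexpected

if __name__ == "__main__":
    print(classify_inbound(SAMPLE_LOG))
```

Any entry in the second returned list means a public address reached the PC directly, which points to a forwarded port, a DMZ setting, or a machine that is not actually behind the router.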