firewall with DI-604 router?

Discussion in 'other firewalls' started by wreckwriter, Apr 2, 2006.

Thread Status:
Not open for further replies.
  1. wreckwriter

    wreckwriter Registered Member

    Joined:
    Oct 19, 2004
    Posts:
    68
    Can anyone suggest a software firewall which will either work with DI-604 right out of the box or includes specific instructions for setting it up? I lost all connectivity trying one yesterday, ended up having to restore :(
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
  3. wreckwriter

    wreckwriter Registered Member

    Joined:
    Oct 19, 2004
    Posts:
    68
    Actually I saw a post here where a guy said ZA locked him out just like LnS did me, same router. Thanks though :)
     
  4. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    Having had that very model, I can tell you that there isn't a software firewall that won't work with it.

    As for a suggestion, give Sunbelt Kerio 4.23 a go. When setting it up, it will ask if your network is to be considered safe, and flash the IP address of your router. This will likely be 192.168.0.1. Tick your acceptance, and allow the setup to continue. You shouldn't experience any gaffs.
     
  5. dog

    dog Guest

    That's likely the one they tried, it's included on the Dlink CD = ZA Pro trial ... 60/90 Days.

    I use LnS.

    I'd suggest if it was ZA you tried, try installing it again ... it shouldn't be an issue - they incorperated some features specifically for ZA - although I'm not sure of there usefullness/functionality. (Screenshot)

    Steve

    EDIT: Sorry I was a little late responding (taking the screenshot) ... LnS shouldn't be a problem ... nor ZA - See QBgreens response.
     

    Attached Files:

  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Pretty weird. D-Link recommends ZoneAlarm itself. If I would have this problem, I would ask myself : "Did I really read the manual ?"
     
  7. wreckwriter

    wreckwriter Registered Member

    Joined:
    Oct 19, 2004
    Posts:
    68
    You're right, it was the freebie. I haven't tried ZA, I tried LnS and couldn't access anything afterwards, even after uninstalling it... that kinda spooks me.
     
  8. wreckwriter

    wreckwriter Registered Member

    Joined:
    Oct 19, 2004
    Posts:
    68
    How did you get it to let you do anything?
     
  9. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Seems more like a way of selling new ZA licences - a truly useful feature would be the ability to block ZA's "phone home" behaviour. It does raise the question of how the router can tell ZA is present and its security level - does ZA tag every packet sent out?
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Dog,
    That's what I thought too. I bought DI-604 myself, but my new computer isn't ready yet to use it, but I was planning to use it with ZA Pro, which I still have to buy. I use ZA Free now, but ZA Pro is better according my readings.
     
  11. wreckwriter

    wreckwriter Registered Member

    Joined:
    Oct 19, 2004
    Posts:
    68
    I tend to agree. ZA is not my first choice. I wanted LnS but it locked me down tight and I couldn't find anything on how to get it working. Having it not open things back up when unistalled was the worst thing.
     
  12. Clweb

    Clweb Registered Member

    Joined:
    Dec 28, 2002
    Posts:
    127
    Location:
    France
    Hello,
    I have a DI604over a year and tested many software firewalls (Outpost, LnS, Jetico,Kerio,Filseclab,ZA Free, etc) . There is no problem.
    When the router is in his default configuration, it does input filtering. So a sofware firewall is only required to do the output filtering.
    If I want to test the input filtering of a software firewall (at grc.com), I configure my PC in the DMZ zone in the DI604 and activate DMZ.
    Normally with the router working normally a software firewall has practically no input to block.
     
  13. wreckwriter

    wreckwriter Registered Member

    Joined:
    Oct 19, 2004
    Posts:
    68
    It turns out my LnS problem was an incomplete uninstall of the Sygate firewall. Phantom helped me get it sorted out last night. LnS is now installed and working!
     
  14. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    You guys have me worried. I have a D-Link 604 and have used Zone Alarm Free and now use LNS and haven't had any problems. Makes me wonder if my router is working. I got rid of ZA because if the computer sat unused for a while I would loose my DSL connection and have to reboot.
     
  15. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    I'm also using the DI-604 router with Look n' Stop.
    IS there a way to check and see if everything is configured correctly between the router and firewall.
    I read the thread over on the LnS board about hooking up your router with a firewall but I'm still not sure if everything is configured the right way.
     
  16. emir

    emir Registered Member

    Joined:
    Dec 21, 2005
    Posts:
    61
    I have DI-604 and have had best results with what is apparently still the best firewall in my opinion:SYGATE. It utilizes something called arp detection and really does protect you unlike some firewalls which claim to have certain features but they do not work correctly. Look and Stop is ok, but not quite as good as SYGATE as long as you still get that original and not sygate incorporated into Symantec since they acquired them. I have question of my own for anyone, why is it no matter what configuration I use on any firewall software and hardware, does shieldsup (grc.com) show that I am replying to pings, I have the disable ping reply from wan side on the dlink and have sygate pro fully stealthed, no net-bios, no malware, no ports open period except 21 and 80, so why does it always say this?
     
  17. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,785
    Grc shows that because the router IS responding to pings. So it sounds like there's something amiss with the router. Typically you just disable the ping reply as you said and then reboot the router. If that isn't working then there's something wrong with the router/firmware etc.
     
  18. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,785
    I would say that if everything seems to be working ok, then you're ok. If something isn't configured right, then you will see it and have problems. You can do a scan at Grc.com to see if all is stealth and so on. But if it works, it probably don't need fixing... :)
     
  19. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    ARP-related features are totally irrelevant to users connected to a router. ARP-based attacks can only be carried out from a computer within your local network and so are only a possibility for those accessing the Internet from a LAN shared with untrusted users (e.g. school/university networks). For a home network where every PC is under your control (and presumably properly secured), any reported of ARP-based attacks are far more likely to be false positives.

    If you do really need ARP-filtering, Sygate isn't the only firewall with this option and it (still) has that local proxy problem (where outgoing access cannot be controlled if a local proxy is being run - such as a web filter or anti-virus email/web scanner).

    Edit: Those connecting via a cable-based ISP may benefit from ARP-filtering also since such ISPs often set up their network as one big LAN, meaning that subscribers can see each others' ARP traffic.
     
    Last edited: Apr 4, 2006
  20. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    I've tried multiple firewall tests and have passed/stealthed all of them so hopefully I'm o.k. with my set up then.
    Thanks.
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    As from today, 2006.05.08 After Christ, my mediocre firewall ZoneAlarm Free is now enforced with a D-Link DI-604 router and I did it all by myself after RTFM. This is the good news :) , the bad news is that it will increase my electricity bill. :'(
     
  22. korb

    korb Registered Member

    Joined:
    Mar 13, 2006
    Posts:
    150
    Location:
    singapore-thailand
    so far mine work very well with CHX-I firewall+jetico
     
Loading...
Thread Status:
Not open for further replies.