how do I configure NAT router firewall...?

Discussion in 'other firewalls' started by thathagat, Oct 27, 2008.

Thread Status:
Not open for further replies.
  1. wat0114

    wat0114 Guest

    Hi thathagat,

    Why don't you try a ShieldsUp port scan and see the results? BTW, a big FAILED result isn't necessarily anything to get worked up about. Just post the reason if this happens (e.g., it could be that it responds to pings or port 113 is not stealthed); it could be inconsequential. I know nothing about your router, but the settings in the screenshots you posted seem about right. Furthermore, as long as your network connectivity seems okay to you, then there is probably nothing wrong.

    It helps kis2009 by taking the Internet "noise" load off of it.

    I think you're okay without a software firewall on these PCs, though you could probably run the Windows built-in firewall on them without harm.

    IMO, no. What you have is probably just fine.

    If you are not interested in configuring software firewalls and they cause you more grief than pleasure, then by all means avoid them. Your router with the Windows built-in firewall on the PCs (optional) will serve you well.


    **EDIT**

    My apologies, I see in post 3 you already scanned your ports. I would, however, add that you should check your wireless settings and use a WPA or WPA2 encrypted connection.
     
    Last edited by a moderator: Oct 29, 2008
  2. vijayind

    vijayind Registered Member

    Joined: Aug 9, 2008
    Posts: 1,413

    That's exactly my point.
    See, in this case you have PPPoE on WAN and DHCP on LAN. NAT-like behavior will be shown (not 100% RFC compliance).
    Now if you disable NAT, what will happen? If it was regular IPoE on both sides, then the packets coming out of the WAN side would be routed with display of LAN-side routes to the next hop.
    But because it's PPPoE on the WAN side, even if you disable the NAT flag, there will be no change in behavior, since the CPE can't send packets with a LAN address on it (since the PPP session has WAN credentials, it will be either discarded or the session will be disconnected by the RAS). In effect, NAT disable/enable for PPPoE on WAN is the same. And in most CPEs it will have no effect whatsoever on the behavior when in PPPoE routed mode.

    Hope now my point is clear.
     
  3. vijayind

    vijayind Registered Member

    Joined: Aug 9, 2008
    Posts: 1,413

    I am sorry, Nick, for the mess. If you would be so kind as to comment on my post or PM me your views on the topic, I would be very grateful. I value your opinion; kindly assist in getting the thread back on track.
    Thank you.
     
  4. CoolWebSearch

    CoolWebSearch Registered Member

    Joined: Sep 30, 2007
    Posts: 1,247

    Well, I'd honestly need your help. Is it somehow possible to disable the NAT router completely and simply leave all the protection to the software firewall?
    Several months ago I tried to disable the NAT router because I wanted Outpost Pro for my inbound protection. But what happened is that I couldn't access the internet at all.
    I personally don't want my router to protect me from inbound attacks, I want Outpost Pro to protect me from them.
    While using the router (Edimax ADSL2+ router), Outpost Pro shows 0 blocked attacks. Is there any possible way that I can completely disable the NAT router so that all of the unsolicited traffic is blocked by Outpost Pro? o_O
    I don't want to see 0 blocked attacks by Outpost Pro anymore.

    And is it possible to completely disable the NAT router's protection and still connect to and surf through the internet, but with Outpost Pro blocking inbound attacks?
    Please, help.

    I know what you would say: don't do it, but I want to do it. I'd rather simply have Outpost Pro protect me than my router, I simply feel safer.
     
  5. bigc73542

    bigc73542 Retired Moderator

    Joined: Sep 21, 2003
    Posts: 23,934
    Location: SW. Oklahoma

    Personally, I would rather my NAT blocked all the crap and didn't let it on my computer in the hopes a software firewall might stop it. A software firewall is nowhere near as efficient as a hardware one. But it is your choice. And having no messages that your soft firewall has blocked anything is just proof that the NAT is protecting you. I even went a step beyond a NAT router: I use a dedicated hardware firewall.
     
  6. doktornotor

    doktornotor Registered Member

    Joined: Jul 19, 2008
    Posts: 2,047

    As already noted before, configure it as a bridge. It's described in detail in the manual. And yeah, bad idea generally, as noted above.
     
  7. vijayind

    vijayind Registered Member

    Joined: Aug 9, 2008
    Posts: 1,413

    I think some good advice from many different people has come your way, against removing NAT.

    Please see your manual. If you can understand the same, no issues. Else, if you still want to move to bridged, please provide the following details:
    1) PVC: Please tell WAN details like the PVC used (0,33 or 8,35 is typical)
    2) WAN Connection Type: It should be one of the following: PPPoE, PPPoA, Dynamic IP.
     
  8. thathagat

    thathagat Guest

    Hello... two things I'd like to ask:
    1. Ever since I've moved to bb, my online gaming and u-torrent failed to connect due to port forwarding/port not open... so today, through some searching and tinkering, I did set up what is a virtual server (screenshot attached). Now u-torrent works fine, but is this risky or unsafe...? For games like farcry... crysis too, need this...?
    2. Before this bb, i.e. on my dial-up, my kis2009 always used to warn of some Helkern attack, but after this xDSL NAT router that warning has never come, so it would entail that the router stops it... ummm, I am guessing this.
     


  9. vijayind

    vijayind Registered Member

    Joined: Aug 9, 2008
    Posts: 1,413

    You have done some good tinkering :thumb: That is the way to use utorrent and other programs whose ports get blocked due to NAT.
    Risky... Yes, a little. What you have done is made a small hole in the wall. So if someone tries to pump traffic on that specific port on which you have VS running, you are susceptible. But it seems you have KIS2009, and if it's monitoring that port, then it should save you from any such attack.
    You are right again. The Helkern/Slammer attack is offset by any router. Helkern basically spawns a loop on port 1434 used by MS SQL. Most routers will have this port closed, hence no more warnings.
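
Added example (not part of any post in this thread): a toy Python model of the inbound decision that posts 8 and 9 describe, showing why unsolicited traffic to port 1434 never reaches the PC while a virtual server entry opens exactly one forwarded port. The port 51413, all IP addresses and the class and function names are constructed for illustration; real routers differ in how strictly they match replies.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Toy model of a home NAT router's inbound decision (ports only)."""
    wan_ip: str
    flows: dict = field(default_factory=dict)            # (proto, wan_port) -> (lan_ip, lan_port, remote)
    virtual_servers: dict = field(default_factory=dict)  # (proto, wan_port) -> (lan_ip, lan_port)
    next_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, remote):
        """A LAN host opens a connection; the router records a translation entry."""
        wan_port = self.next_port
        self.next_port += 1
        self.flows[(proto, wan_port)] = (lan_ip, lan_port, remote)
        return wan_port

    def add_virtual_server(self, proto, wan_port, lan_ip, lan_port):
        """Static port forward: the 'small hole in the wall'."""
        self.virtual_servers[(proto, wan_port)] = (lan_ip, lan_port)

    def inbound(self, proto, remote, wan_port):
        """Return (verdict, destination) for a packet arriving on the WAN side."""
        key = (proto, wan_port)
        flow = self.flows.get(key)
        if flow and flow[2] == remote:       # reply to a flow a LAN host started
            return ("reply", flow[:2])
        if key in self.virtual_servers:      # unsolicited, but explicitly forwarded
            return ("forwarded", self.virtual_servers[key])
        return ("dropped", None)             # unsolicited, no mapping: never reaches the PC

def demo():
    # All addresses and ports below are constructed sample values.
    r = NatRouter("203.0.113.10")
    web, stranger = ("198.51.100.7", 80), ("198.51.100.99", 4444)
    p = r.outbound("tcp", "192.168.1.2", 51000, web)
    results = {
        "reply_to_lan_flow": r.inbound("tcp", web, p),
        "unsolicited_udp_1434": r.inbound("udp", stranger, 1434),
        "torrent_before": r.inbound("tcp", stranger, 51413),
    }
    r.add_virtual_server("tcp", 51413, "192.168.1.2", 51413)
    results["torrent_after"] = r.inbound("tcp", stranger, 51413)
    results["udp_1434_after"] = r.inbound("udp", stranger, 1434)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22} {verdict}")
```

Only the forwarded port changes verdict after the virtual server is added, so that one port is where the software firewall on the PC still has work to do.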
     