Router Firewall

Discussion in 'other firewalls' started by fosl, Aug 31, 2007.

Thread Status:
Not open for further replies.
  1. fosl

    fosl Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    54
    Hello,

    I have a computer with Vista Ultimate. I have installed PCTools Firewall Plus
    and also recently got a Linksys WRT54G router. Right now I only have it
    wired to my desktop PC. On the box of the router it states it has
    "a powerful SPI firewall". How can I know for sure the router firewall is
    doing its job?

    Thanks
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Run the ShieldsUP test at grc.com.

    If you don't pass, you may have to change some option in the router config.
     
  3. fosl

    fosl Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    54
    I pass the grc shields up test, but for some reason I can always pass that test even with no firewall. I must be doing something wrong. Also, what should I be seeing in the pctools log while behind a router?
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
    The router will give you stealth results even without any router firewall set up. So you're good either way. As far as the PCTools firewall logs, you should see pretty much nothing there inbound, just any loggings related to outbound traffic only.
     
  5. wat0114

    wat0114 Guest

    Your router blocks all the port scans, so PCTools fw will see none of it, therefore nothing to log. The only real purpose of a software fw used behind a router is for filtering outbound application attempts. Your router stops the incoming garbage (port scans and other unsolicited traffic). If you have no interest in filtering your applications, then I would suggest sticking with your router and ditch the software fw, but I would also encourage you to give the software fw at least a brief trial, if for no other reason than using it as a visual tool for learning about networking basics. Any questions you have can be answered by any number of knowledgeable folks in this forum. Hopefully you have some fun with it :)

    BTW, try to spend some time going over the router's manual. Log into the unit's web-based GUI and look around at all the menus to see what is there, making sure you enable its wireless encryption option (choose WPA/WPA2 if available) and assign it a strong password. If you do not plan on using its wireless functionality, then see if the radio can be turned off.
     
    Last edited by a moderator: Aug 31, 2007
  6. fosl

    fosl Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    54
    Thanks guys for your help. I am new to all this. In checking the PCTools log, it's blocking a lot of inbound from 192.168.1.1 which I believe is something from the router. In fact that's the only inbound logged. There used to be many different addresses before I installed the router, but now just from 192.168.1.1. Looks like I have much studying to do. Thanks again.
     
  7. herbalist

    herbalist Guest

    192.168.1.1 is most likely the IP of your router. IPs beginning with 192.168 are one of the ranges used for private networks, which can be anything from a single PC and router to a large business. More on Private networks at Wikipedia. Assuming that your router isn't set to forward certain ports, the only incoming that should show up in your software firewall logs are those sent by the router.
    Rick
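
The check described in the post above, as an added example that is not part of the original thread: it sorts inbound software-firewall log entries into "from the router", "from another LAN host" and "from the internet", where the last bucket should stay empty unless the router forwards ports. The log format, the sample lines and the function name `triage_inbound` are constructed for illustration and are not PCTools Firewall Plus output.

```python
import ipaddress

# The three private ranges (RFC 1918); 192.168.0.0/16 is the one seen in the thread.
# Explicit networks are used because ipaddress's is_private also covers other
# reserved blocks (for example the documentation ranges).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: date time action direction source-ip protocol dest-port
SAMPLE_LOG = """\
2007-08-31 10:02:11 BLOCK IN  192.168.1.1   UDP 1900
2007-08-31 10:02:40 BLOCK IN  192.168.1.1   UDP 520
2007-08-31 10:03:05 ALLOW OUT 192.168.1.100 TCP 80
2007-08-31 10:04:17 BLOCK IN  203.0.113.45  TCP 445
2007-08-31 10:05:00 BLOCK IN  192.168.1.37  UDP 137
garbled line
"""

def triage_inbound(log_text, router_ip="192.168.1.1"):
    """Group inbound entries by where the source address sits."""
    router = ipaddress.ip_address(router_ip)
    result = {"router": [], "lan": [], "internet": [], "skipped": 0}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            result["skipped"] += 1          # not a log record we understand
            continue
        _date, _time, _action, direction, src, proto, port = fields
        if direction != "IN":
            continue                        # outbound traffic is not of interest here
        try:
            addr = ipaddress.ip_address(src)
            entry = (src, proto, int(port))
        except ValueError:
            result["skipped"] += 1          # malformed address or port
            continue
        if addr == router:
            result["router"].append(entry)
        elif any(addr in net for net in RFC1918):
            result["lan"].append(entry)
        else:
            # A public source reaching the PC means a forwarded port, a DMZ
            # setting, or a machine that is not actually behind the router.
            result["internet"].append(entry)
    return result

if __name__ == "__main__":
    for bucket, entries in triage_inbound(SAMPLE_LOG).items():
        print(bucket, entries)
```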
     
  8. Vulcan_

    Vulcan_ Registered Member

    Joined:
    Sep 1, 2007
    Posts:
    11
    Assuming you _just_ purchased a new WRT54G router recently, you should return that router.

    Buy a WRT54GL model instead.

    This can be found at online retailers like
    http://www.newegg.com


    Why switch to a WRT54GL?

    The "L" designation represents linux firmware. Initially v1-v4 of WRT54G contained linux. As of v5 onward, Linksys switched to proprietary firmware.
    The proprietary firmware models tend to exhibit more problems.

    Additionally, the models that contain Linux firmware can be upgraded with 3rd Party firmware like DD-WRT, Tomato, HyperWRT, OpenWRT, which are by almost all accounts more stable, have more features, and have fixed issues of stock Linksys firmware.


    NOTE: Flashing your router with a 3rd Party firmware _will_ void your warranty. This is not meant to scare you as most users of 3rd Party firmwares do not have issues. However, you should be aware of this information.
     
  9. Nubiatech

    Nubiatech Registered Member

    Joined:
    Aug 19, 2007
    Posts:
    50
    Location:
    IL, USA
    OpenWRT and X-WRT support both WRT54GL and older versions of WRT54G.
    http://wiki.openwrt.org/TableOfHardware?action=show&redirect=toh
     
  10. smf

    smf Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    31
    I'm replying to this with my phone so it's too big of a pain to check, but see if Wallwatcher supports this firewall. Wallwatcher is a free program to analyze your firewall logs.
     
  11. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    It's not a worry, that's the LAN IP of the router, most home grade broadband routers run class C internal networks such as 192.168.1.xxx or 192.168.0.xxx.

    By default, they all run NAT, and your computer(s) is(are) hidden from the outside world. By default, all 65,000 plus ports are not open/forwarded, so you're safe. I will never run, or support computers of clients of mine, on the internet without being behind NAT.

    SPI is another added layer of protection, not really anything to do with the NAT firewall, it's really an overhyped thing... just blocking of some basic DDOS attacks, examining of source of origination of traffic, etc. Having SPI on and off has zero impact on doing port security scans.
     