tiny questions...

Discussion in 'other firewalls' started by freemannnn, Mar 7, 2006.

Thread Status:
Not open for further replies.
  1. freemannnn

    freemannnn Registered Member

    Joined:
    Mar 7, 2006
    Posts:
    6
    Location:
    greece
    hello from Greece/Rhodes
    i'm using tiny pro version 6.5.126. i know this is a very good firewall and i like very much the "system protection", "track n' reverse" features.
    i am using the default settings.
    i have made 3 new application groups, which i called:
    "my applications" = all my applications that can run in my pc with no internet access.
    "my applications (internet)" = all my applications that can run in my pc with internet access.
    "my games" = all my games that can run in my pc with no internet access.
    i have a shared dsl connection with my neighbour with a FRITZ!BOX dsl router.
    i have heard that this router has a very good firewall.
    we also have a small lan together so we can share files and play lan games.
    my ip is 192.168.178.2
    my neighbour ip is 192.168.178.3
    and fritz!box router is 192.168.178.1

    can you tell me some specific rules so tiny works well with this small lan?
    is it too much to have tiny firewall in my system? or just leave fritz!box to do the work.
    i like tiny because i can control which applications can run and have access to internet and which not...
    also i took a look at Filseclab Personal Firewall Professional Edition but i don't think it has "system protection" like tiny has.
    i am using win 2003 sp1.
    also can someone explain the "trusted" and "internet zone"? which zone should i use in my lan?
    will tiny have any updates now that it has been sold to CA? if not, should we choose another firewall with updates and support like Filseclab?
     
  2. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    Hello, from Crete. :D
    Don't waste your time with Tiny Firewall.
    It was a fantastic product but now it has no support and no new releases, which are very important for today's firewalls.
    If you don't mind about outbound protection just try CHX. It's the "state of the art" packet filter, especially on Win2003 server machines. ;)

    regards
    joter
     
  3. freemannnn

    freemannnn Registered Member

    Joined:
    Mar 7, 2006
    Posts:
    6
    Location:
    greece
    hello again, my friend from crete.
    i need outbound protection because i want to restrict some applications and games to have access to the internet.
    what is the link to the firewall you suggest (CHX). o_O?
     
  4. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    You can download CHX from http://www.idrci.net

    You can also look for additional help at Software Security Central
    http://www.sscnetwork.net/forumdisplay.php?f=5

    If you want outbound protection you can also use a personal firewall for application filtering only.
    I recommend Look 'n' Stop, Zone Alarm free or even Kerio Personal firewall.

    On my desktop, I personally use L'n'S with CHX ver. 3.0 still in beta but very very stable.

    Regards
    joter
     
  5. Itsme

    Itsme Registered Member

    Joined:
    Jan 31, 2004
    Posts:
    148

    Well, it depends, would you like to have a car where you have to upgrade every year and have it patched every now and then? Maybe this version of TF is the most stable and most performant version on the market, outranking every other firewall.... then... why would you need new releases every ... month? If something is done right... then one does not need to upgrade every now and then. And if one knows something about networking and Windows, then most of the FW is self-explaining, and about support.. on the Tinysoftware Forum there are still several senior members (call them beta testers) who know almost everything one needs to know.....

    So what is your point..... mine is... my Mercedes 500SL is a bad car because I cannot drive it or master the manual transmission... and it must be a bad car because I don't need to have it fixed or upgraded every second month... hmmm,

    Ciao
    Itsme
     
  6. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Is this a wired network, wireless or both? Are these IPs static, or dynamic and assigned by DHCP via the router? You could make general rules permitting all traffic between LAN systems. Or you could be more restrictive, only permitting specific IPs.

    If you are happy with it, like the features and what it can do for you, keep using it. Routers offer good inbound protection (some also provide outbound filtering), just a matter of choice as to how much network/outbound control you want over applications when determining what you run on your systems behind a router.

    I have not used this version of Tiny, but you would not want your LAN/file/printer sharing rules in the Internet Zone even though these systems are protected and behind the router.

    Regards,

    CrazyM
     
  7. freemannnn

    freemannnn Registered Member

    Joined:
    Mar 7, 2006
    Posts:
    6
    Location:
    greece
    thanks very much for the replies.
    the lan is wired. also the IPs are static. i don't like DHCP so much.
    in TF in "trusted zone" i have made rules so the file sharing with my friend works, and no internet from the router (fritz!box).
    in TF in "internet zone" i have again file sharing enabled with my neighbour, but i have internet access from the router. here are the rules...

    1. "Allows LAN Connection with "neighbour" in every ZONE"
    protocol TCP UDP ALL
    MY COMPUTER - LOCAL IP ADDRESS = "PREDEFINED LAN"
    REMOTE COMPUTER - LOCAL IP ADDRESS = "PREDEFINED LAN"
    SECURITY ZONE = ALL

    2. "Blocks Internet Connection in "Trusted Zone""
    protocol TCP UDP ALL
    MY COMPUTER - LOCAL IP ADDRESS = "ALL IP ADDRESSES"
    REMOTE COMPUTER - LOCAL IP ADDRESS = "ALL IP ADDRESSES"
    SECURITY ZONE = SAFE ZONE

    are they correct? what do you think? they work the way i want. if i want to block the internet to my pc for some reason i switch to "TRUSTED ZONE". in both zones the lan is working!!!
     
  8. Itsme

    Itsme Registered Member

    Joined:
    Jan 31, 2004
    Posts:
    148
    There is also another way to look at the zones.
    I use my zones as follows.
    At home I have a home network based on a wireless ADSL router. The router (firewall, NAT, IDS) and all computers behind the router are managed by myself. As a result of this, when I am at home... all adapters of all computers are located in the Trusted Zone... because I trust the zone as I configured it.

    However, when I move my laptop to the office or connect to a network elsewhere, then I don't know how the network is configured. Then I move all the adapters of my laptop to the Dangerous Zone (dangerous zone as I don't know how it is configured and protected)... only TF sits between my data and the evil internet / other network. (Someone tried to hack into my laptop while I was on the corporate network.)

    Both Zones (Trusted and Dangerous) allow you to differentiate two sets of network rules. The default ruleset is more restrictive for the Dangerous Zone than for the Trusted Zone. However, if you want, and TF allows it, you can change all the rules the way you want. This means if one makes rules allowing all communications in the Dangerous Zone... then the Dangerous Zone will be less restrictive than the Trusted Zone. So.. what I want to point out here is that the names of the Zones are irrelevant, as it is the underlying ruleset that actually defines how secure/restrictive the two Zones operate.

    Differentiating between local network and internet I can do with predefined IP address groups. Differentiating between your computers on the network and your friend's computers on the network could also be done by different IP Groups. In this case your computers and your friend's computers could both be in the Trusted Zone but differentiated by IP Groups. You could make an IP group like MyLAN (192.168.0.1 to ...5) and YourLAN (192.168.0.6...9). Then in the Network Protection you can make as many specific rules for both IP groups as you like, both in the Trusted or Dangerous Zone. You could set up your ruleset allowing all outgoing communication from your computers to YourLAN and blocking all incoming communication from YourLAN. This would allow you to communicate with all computers on your friend's site and at the same time block all incoming requests from his computers.

    Maybe this reasoning also opens some new perspectives.

    Don't hesitate to post more questions. Unfortunately, as I just started a new contract it is unlikely that I'll be here every day.

    Ciao
    Itsme
     
    Last edited: Mar 9, 2006
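
An added example, not part of the thread and not Tiny Firewall's own engine or rule syntax: a small first-match rule evaluator that models the IP-group idea from the post above, with the asymmetric MyLAN/YourLAN rules, and shows that a zone's name does not decide how restrictive it is. Assumptions: the post's shorthand ranges are read as 192.168.0.1-5 and 192.168.0.6-9, "direction" means which side opens the connection, unmatched traffic is blocked, and the third rule and the `OPEN_DANGEROUS` ruleset are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

def ip_range(first, last):
    """Inclusive address range stored as a pair of integers."""
    return int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))

# IP groups, reading the post's shorthand as .1-.5 and .6-.9 (assumption).
GROUPS = {
    "MyLAN": ip_range("192.168.0.1", "192.168.0.5"),
    "YourLAN": ip_range("192.168.0.6", "192.168.0.9"),
}

def in_group(ip, group):
    if group == "ANY":
        return True
    low, high = GROUPS[group]
    return low <= int(ipaddress.ip_address(ip)) <= high

@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "block"
    direction: str  # who opens the connection: "out", "in" or "any"
    local: str      # IP group of this computer
    remote: str     # IP group of the other end
    zone: str       # "trusted", "dangerous" or "any"

# The ruleset described in the post, plus LAN traffic inside MyLAN when trusted.
RULES = [
    Rule("allow", "out", "MyLAN", "YourLAN", "any"),
    Rule("block", "in", "MyLAN", "YourLAN", "any"),
    Rule("allow", "any", "MyLAN", "MyLAN", "trusted"),
]

# Same rules plus a catch-all allow in the zone that is *named* Dangerous.
OPEN_DANGEROUS = RULES + [Rule("allow", "any", "ANY", "ANY", "dangerous")]

def decide(zone, direction, local_ip, remote_ip, rules=RULES, default="block"):
    """First matching rule wins; unmatched traffic gets the default action."""
    for r in rules:
        if (r.zone in ("any", zone) and r.direction in ("any", direction)
                and in_group(local_ip, r.local)
                and in_group(remote_ip, r.remote)):
            return r.action
    return default
```

With `OPEN_DANGEROUS`, an inbound connection from an address outside both groups is allowed in the Dangerous Zone and blocked in the Trusted Zone, while inbound connections from YourLAN stay blocked in both because the block rule is matched first.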
  9. freemannnn

    freemannnn Registered Member

    Joined:
    Mar 7, 2006
    Posts:
    6
    Location:
    greece
    "itsme" very nice idea with the "mylan" suggestions. yes i did it. also very nice with the predefined ip addresses.
    i have put in "mylan" my ip 192.168.178.2 and neighbour 192.168.178.3
    and also i have made a rule from "mylan" to accept and not accept internet from the router depending on the zone (trusted or dangerous).
    thank you.
     
  10. Itsme

    Itsme Registered Member

    Joined:
    Jan 31, 2004
    Posts:
    148
    great
    Ciao
    Itsme
     