Re: 56k dial up on laptop 802.11G ?



floyd@xxxxxxxxxx (Floyd L. Davidson) wrote in
news:87k6jdzuta.fld@xxxxxxxxxx:

> Duane Arnold <Notme@xxxxxxxxx> wrote:
>>Floyd L. Davidson wrote:
>>> The Linksys WRT54G series of wireless routers all have firewall
>>> software.
>>>
>>
>>No NAT router is running FW software in the traditional sense. The
>>manufacturers of the product can hype it all they want as being a
>>solution that's running FW software.
>
> Lots of words, but what do you mean? What, for example, is "the
> traditional sense"? I'm really hard pressed to see how the
> Linux firewall is not a firewall...

The traditional sense being that packet filtering rules cannot be set on
the router that can stop both inbound and outbound traffic by port,
protocol, or IP.

I can set a rule with the Watchguard to do the following:

Rule stop outbound traffic

1) LAN IP(s) 192.168.111.2 through 192.168.111.5 outbound
2) Protocol HTTP
3) Remote destination IP(s) 207.169.222.56 through 207.169.222.60

Or rule to stop inbound

1) Remote IP 207.222.777.66 inbound
2) Port 119
3) LAN IP(s) 192.168.111.7 through 192.168.111.10

That's an example where I can set filtering rules with the Watchguard
that I cannot do with the 54g.

The 54G cannot set those rules.

>
>>I suggest that you drop a line at comp.security.firewalls about a
>>WRT54G or any other NAT (no FW) router being used in the home to
>>people that make a living at it about this.
>
> Well, I *did* go read comp.security.firewalls and searched with
> google for articles about the WRT54G. I've seen a *lot* of
> recommendations that say the WRT54G is a fine firewall...

I don't think the TOP Guns in that NG will consider the WRT54G to be an
appliance that's running a FW. If you have read something that indicates
that the 54G or any Linksys router is running FW software, then those
posts were by posters such as yourself with the misconception that a
Linksys router is running FW software or a NAT router for home usage is
running FW software. So again, I ask you to drop a line in the FW NG
about a Linksys NAT 54G or otherwise router as to it or them being an
appliance that's running FW software by those that use the product
solutions as part of their livelihood.

>
>>If the WRT54G can meet all the specs below, then it's an appliance
>>running FW software. If the WRT54G cannot meet the specs, then it's
>>not an appliance that's running FW software.
>
> So tell us just what "spec" below is not fully met by the
> standard Linux firewall in a WRT54G? And, please explain what
> difference it makes whether it is an "appliance" or not?

<snip>

A firewall examines all traffic routed between the two networks to see if
it meets certain criteria. If it does, it is routed between the networks,
otherwise it is stopped. A firewall filters both inbound and outbound
traffic. It can also manage public access to private networked resources
such as host applications. It can be used to log all attempts to enter
the private network and trigger alarms when hostile or unauthorized entry
is attempted. Firewalls can filter packets based on their source and
destination addresses and port numbers. This is known as address
filtering. Firewalls can also filter specific types of network traffic.
This is also known as protocol filtering because the decision to forward
or reject traffic is dependent upon the protocol used, for example HTTP,
ftp or telnet. Firewalls can also filter traffic by packet attribute or
state.

<snip>


The specs being that a FW solution whether it's running on an appliance
or a host solution running on a gateway computer using the specs above
can set filtering rules to *stop* inbound or outbound traffic by port,
protocol, IP or packet attribute.

So tell me where in the Wrt54g manual that the NAT router can set those
rules.

>
>>I know that the low-end Watchguard
>>Firebox III SOHO 6 firewall appliance that I use meets those specs. I
>>know that the 54G or any other Linksys NAT router or any NAT router for
>>home usage period is not running FW software.
>
> Why do you say that? I found one message where *you* provide a
> URL, which says the WRT's firewall is "an advanced form of
> firewall". I seem to recall where *you* had good things to say
> about the firewall in Suse Linux.

The software FW running on Suse Linux and the firmware running on the 54G
even though they are Linux solutions are not the same thing.

And I don't know where you got that about me saying that a WRT has an
advanced FW. If I did say it, then it was due to my ignorance about FW(s)
which has been corrected by the TOP Guns in the FW NG. The 54g has FW like
features but is not running FW software.

I also had good things to say about Vicomsoft's Windows Server based
network FW solution too.


>
> You do realize that the WRT54G runs Linux and has the same
> firewall built into the kernel as any other Linux, right? Do
> you have a WRT54G, and/or know what is in it?

Heck the BEFW11S4 v1 router I had was running a Linux solution.

Again I ask you to drop a line and ask the question to the Top Guns in
the FW NG about a Linksys NAT router running FW software. And as far as
that is concerned, my Watchguard is running Linux too.

>
>>The NAT routers are good enough in
>>the protection as long as one is not doing high risk things like port
>>forwarding.

>
> Please explain what you mean. And be specific about how it
> applies to a Linux router.

When I port forward 80 to an IP/machine behind the Watchguard that has a
Web server running, I am insured that only HTTP traffic comes down that
port or if it was 20 and 21 that only FTP traffic comes down the ports,
dropping all other traffic that tries to come down the ports, as an
example.

>
>><snip>
>>
>>What does a firewall do?
>>
>>A firewall examines all traffic routed between the two networks to see
>>if it meets certain criteria. If it does, it is routed between the
>>networks, otherwise it is stopped. A firewall filters both inbound and
>>outbound traffic. It can also manage public access to private
>>networked resources such as host applications. It can be used to log
>>all attempts to enter the private network and trigger alarms when
>>hostile or unauthorized entry is attempted. Firewalls can filter
>>packets based on their source and destination addresses and port
>>numbers. This is known as address filtering. Firewalls can also filter
>>specific types of network traffic. This is also known as protocol
>>filtering because the decision to forward or reject traffic is
>>dependent upon the protocol used, for example HTTP, ftp or telnet.
>>Firewalls can also filter traffic by packet attribute or state.
>>
>><snip>
>
> So what part of that is not being done in the WRT54G firewall?
>
> I am certainly no expert on firewalls, but I just don't see a
> thing in that list which the WRT54G doesn't do.
>

Rule stop outbound traffic

1) LAN IP(s) 192.168.111.2 through 192.168.111.5 outbound
2) Protocol HTTP
3) Remote destination IP(s) 207.169.222.56 through 207.169.222.60
Internet IP(s)

Or rule to stop inbound

1) Remote IP 207.222.777.66 inbound Internet IP(s)
2) Port 119
3) LAN IP(s) 192.168.111.7 through 192.168.111.10

Stop outbound from a LAN IP

1) LAN IP 192.168.111.3
2) Ports 1-66535 TCP, UDP or protocol number
3) Destination LAN IP(s) *ANY*
4) OR 192.168.111.5 through 192.168.111.10

The link may help in understanding FW solutions and a packet filtering
router is no match to FW appliance, even a low-end FW appliance.

http://www.more.net/technical/netserv/tcpip/firewalls/

I only bring this whole thing up because some people may have more plans
for his or her setup like hosting a Web server and should know the
difference between a packet filtering NAT router that one may or may not
be able to set rules as opposed to FW appliance and the differences. The
link above explains it in detail.

Again a NAT router is a border device and is good in the protection for
the average home user; until high risk things are done with the router
then all bets are off.

Duane :)
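
The three "stop" rules listed in the post above, modelled as a first-match packet filter. This is an added example, not code from the thread or from any vendor's product. Assumptions: "Protocol HTTP" is taken to mean TCP port 80, the third rule covers every TCP/UDP port, traffic that matches no rule is allowed, the inbound remote address is a constructed stand-in (203.0.113.66, documentation range), and all class and function names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address as IP

@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = LAN to Internet, "in" = Internet to LAN
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int

@dataclass(frozen=True)
class Rule:
    name: str
    direction: str
    src: tuple       # inclusive (first, last) address range
    dst: tuple
    protos: frozenset
    ports: range
    action: str = "deny"

    def matches(self, p):
        # Every field must match: direction, both address ranges, protocol, port.
        return (p.direction == self.direction
                and self.src[0] <= IP(p.src) <= self.src[1]
                and self.dst[0] <= IP(p.dst) <= self.dst[1]
                and p.proto in self.protos
                and p.dport in self.ports)

def span(first, last=None):
    """Inclusive address range; a single address when last is omitted."""
    return (IP(first), IP(last or first))

ANY = span("0.0.0.0", "255.255.255.255")

RULES = [
    # Outbound: LAN .2-.5 may not reach the listed remote range over HTTP (assumed tcp/80).
    Rule("block-http-out", "out", span("192.168.111.2", "192.168.111.5"),
         span("207.169.222.56", "207.169.222.60"), frozenset({"tcp"}), range(80, 81)),
    # Inbound: one remote host (constructed stand-in address) to LAN .7-.10 on port 119.
    Rule("block-nntp-in", "in", span("203.0.113.66"),
         span("192.168.111.7", "192.168.111.10"), frozenset({"tcp"}), range(119, 120)),
    # Outbound: LAN .3 is blocked on all TCP/UDP ports to any destination.
    Rule("block-host-out", "out", span("192.168.111.3"), ANY,
         frozenset({"tcp", "udp"}), range(1, 65536)),
]

def decide(packet, rules=RULES, default="allow"):
    """First matching rule wins; unmatched traffic gets the default action."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.name
    return default, None
```

Rule order matters in a first-match filter: an HTTP packet from 192.168.111.3 to the blocked remote range is attributed to the first rule, not the broader per-host rule below it.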



