Re: 56k dial up on laptop 802.11G ?
- From: Jeff Liebermann <jeffl@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 27 Jul 2005 09:37:05 -0700
Can I muddy the waters with my opinions?
Ever wonder why the terms "firewall" and "router" are different and
haven't been combined into one? You don't hear about anyone selling a
"firewall router" or some similar conglomeration. That's because the
common definitions have changed somewhat since Cisco first invented
routers and are difficult to isolate.
These days, a firewall is anything that keeps the barbarians out of a
protected LAN. It can be NAT, PAT, SPI, dual bastion host, manual
inspection, or a dog sniffing packets, and still be considered a
functional firewall. How this is accomplished varies by technique,
complexity, topology.
A router is just something that glues two networks together. That was
the original purpose of routers and remains the same today. It's
assumed to operate at the IP level and make some decisions relating to
connecting two (or more) IP networks together. It does this by
inspecting the IP headers and sometimes the packet contents, and
making decisions based upon their contents.
The problem is that both firewalls and routers inspect packets and
make decisions, often in exactly the same way. Yet, their purposes
are different. Many of the examples previously offered of what
allegedly constitutes a firewall are actually examples of router
functions.
For example, static routes to a remote office are a router function,
not a firewall function.
Unfortunately, the large amount of overlap between firewalls and
routers is where methinks the problem is hiding. Filtering by
service type can be considered both a router and firewall function.
Filtering by WAN side IP address is a firewall function. Controlling
outgoing traffic from the LAN is pure router. I once saw a list of
these features and their classification in a Cisco CCNE book somewhere
on my shelf, but I sold those and can't check.
So, how can one tell if it's a firewall, router, or both? Easy, by
the function it's performing. Duz the feature in question control
access from the WAN to the LAN? If so, it's a firewall feature. Duz
the feature in question control the way two networks are connected?
If so, then it's a router feature.
In my never humble opinion, any NAT router should be considered a
firewall because NAT controls access to the LAN from the WAN. How
well it does this, and to what level of control is another question
which methinks is at the heart of the current discussion. The WRT54G
comes stock with IP Tables which is the basis of most Linux firewall
implementations. (Well, I use IP Chains in FreeSCO). Dumping:
    iptables -L
from my WRT54G will result in about 60 lines of definitions, which
methinks qualify by their complexity to be a suitable router. In
addition, most of these rules deal with internal/external traffic
control, which methinks qualifies as firewall functions. One of the
things I like about the WRT54G is that the router definitions give me
more firewall control than most cheapo routers. For example, I just
noticed that I have some filters in place to block IPs of spammers
that try dictionary attacks on my mail server, which is a firewall
feature.
Please feel free to continue the discussion. I find it interesting.
However, I would like to suggest that you both consider the
definitions of firewall and router in terms of what they do, rather
than in terms of how they function.
--
Jeff Liebermann jeffl@xxxxxxxxxxxxxxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
AE6KS 831-336-2558
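
Added example, not part of the original post: a small Python sketch that applies the post's functional test (what does the rule control?) to a rule listing. It assumes rules in `iptables -S` / `iptables-save` syntax, since plain `iptables -L` without `-v` omits interfaces; the interface names `wan0` and `br0` and the sample rules are constructed for illustration.

```python
import shlex

WAN_IF = "wan0"  # assumed WAN-side interface name (hypothetical)
LAN_IF = "br0"   # assumed LAN-side interface name (hypothetical)

# Constructed sample in `iptables -S` syntax, not a dump from the poster's router.
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -i wan0 -s 203.0.113.7/32 -p tcp --dport 25 -j DROP
-A INPUT -i wan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o wan0 -p tcp --dport 6667 -j DROP
-A FORWARD -i br0 -o wan0 -j ACCEPT
-A FORWARD -p tcp --dport 135 -j DROP
"""

FLAGS = {"-i": "in", "-o": "out", "-s": "src", "--dport": "dport", "-j": "target"}

def parse_rule(line):
    """Turn one `-A CHAIN ...` line into a dict of the options used below."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None  # policies (-P) and chain declarations (-N) are not rules
    rule = {"chain": tokens[1]}
    i = 2
    while i < len(tokens):
        if tokens[i] in FLAGS and i + 1 < len(tokens):
            rule[FLAGS[tokens[i]]] = tokens[i + 1]
            i += 2
        else:
            i += 1  # skip options this sketch does not interpret (e.g. -m, !)
    return rule

def classify(rule):
    """Label a rule by what it controls, following the post's distinctions."""
    if rule.get("in") == WAN_IF:
        return "firewall"  # controls access arriving from the WAN side
    if rule.get("in") == LAN_IF and rule.get("out") == WAN_IF:
        return "router"    # controls outgoing traffic from the LAN
    if "dport" in rule:
        return "both"      # service-type filter with no direction given
    return "unclassified"

def classify_ruleset(text):
    """Return (rule line, label) pairs for every appended rule in the text."""
    parsed = ((line, parse_rule(line)) for line in text.splitlines())
    return [(line, classify(rule)) for line, rule in parsed if rule is not None]

if __name__ == "__main__":
    for line, label in classify_ruleset(SAMPLE_RULES):
        print(f"{label:12} {line}")
```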