Linksys Befsr41 with Peer to Peer?

Discussion in 'Computer Support' started by Tuz, Oct 18, 2004.

  1. Tuz

    Tuz Guest

    Im using a BEFSR41 router and want to use Kazaa and soulseek which currently
    wont connect. If I put a machine into the DMZ zone (in my router setup) or
    if I port forward certain ports for peer to peer file sharing, can I simply
    use a software firewall for the machines that are in the DMZ to take care of
    exposed machines/ports?

    If that's the case, then isn't it better to just disable the whole router
    firewall and use a software firewall instead of the routers firewall? It
    seems that software firewalls do everything hardware firewalls do with the
    addition of preventing unauthorised apps from connecting to the net?

    Also does anyone happen to know which ports soulseek and kazaa use? :)
    Thanks
     
    Tuz, Oct 18, 2004
    #1
    1. Advertising

  2. Tuz

    Duane Arnold Guest

    "Tuz" <> wrote in
    news:I7Lcd.30270$:

    > Im using a BEFSR41 router and want to use Kazaa and soulseek which
    > currently wont connect. If I put a machine into the DMZ zone (in my
    > router setup) or if I port forward certain ports for peer to peer file
    > sharing, can I simply use a software firewall for the machines that
    > are in the DMZ to take care of exposed machines/ports?


    You should use port forwarding on the router and not expose the entire
    machine in the DMZ.
    >
    > If that's the case, then isn't it better to just disable the whole
    > router firewall and use a software firewall instead of the routers
    > firewall? It seems that software firewalls do everything hardware
    > firewalls do with the addition of preventing unauthorised apps from
    > connecting to the net?


    The Linksys NAT router at best has SPI and some FW like features and has
    no FW period. A NAT router or a PFW solution is not in the league of a
    WhatchGuard Firebox appliance.

    >
    > Also does anyone happen to know which ports soulseek and kazaa use? :)



    Note that if you port forward the ports on the Linksys NAT router to an
    IP/machine, then the protection of the NAT router is not on the forwarded
    ports to the machine and you will need a PFW solution like ZA or one of
    the others to protect the machine on those forwarded ports.

    The Linksys and other NAT routers such as D-link, Netgear, etc. etc. meet
    the specs in the link and do not have FW(s).

    http://tinyurl.com/6agku

    FW appliances such as Watchguard, Cisco, SnapGear etc etc have FW(s) and
    meet the specs in the link for *what does a FW do*.

    http://tinyurl.com/4awxu

    The word FW in the title of a NAT router is a marketing ploy to get users
    to buy the product. They do not have a *true* FW and are good enough for
    home protection until one starts doing high risk things.

    What ports needed to be forwarded on the NAT router can be found by using
    Google or Dogpile.
     
    Duane Arnold, Oct 18, 2004
    #2
    1. Advertising

  3. Tuz

    Dodo Guest

    Why would one use a personal firewall to protect a machine from forwarded
    ports?
     
    Dodo, Oct 18, 2004
    #3
  4. Tuz

    Duane Arnold Guest

    "Dodo" <> wrote in
    news:bde16$417438ec$43663cd2$:

    > Why would one use a personal firewall to protect a machine from
    > forwarded ports?
    >
    >
    >

    That's because the NAT router provides no protection for the IP/machine on
    the port(s) that are being port forwarded to the machine. The NAT router
    doesn't ensure that a certain kind of traffic or protocol such as FTP or
    HTTP comes down the respective ports like 20 and 21 FTP or 80 HTTP as an
    example. If one wanted to control what IP(s) reach the machine on the
    forwarded ports, most NAT routers do not have the ability to set the rules
    as an example to block specified IP(s).

    Duane :)
     
    Duane Arnold, Oct 18, 2004
    #4
  5. Tuz

    Dodo Guest

    The Linksys BEFSR41 filters incoming traffic based on destination port
    number and network protocol.

    Server software may provide filtering based on source IP address.

    ZoneAlarm Pro 5.1 provides additional filtering based on destination IP
    address, source port number and day/time, but does not provide filtering for
    incoming traffic based on application-layer protocols, such as FTP and HTTP.
     
    Dodo, Oct 19, 2004
    #5
  6. Tuz

    Duane Arnold Guest

    "Dodo" <> wrote in
    news:acee7$41747591$43663cd2$:

    > The Linksys BEFSR41 filters incoming traffic based on destination port
    > number and network protocol.
    >
    > Server software may provide filtering based on source IP address.
    >
    > ZoneAlarm Pro 5.1 provides additional filtering based on destination
    > IP address, source port number and day/time, but does not provide
    > filtering for incoming traffic based on application-layer protocols,
    > such as FTP and HTTP.
    >
    >
    >


    http://support.microsoft.com/kb/289892

    I want to know where you can give the protocol numbers in setting inbound
    or outbound rules on a Linksys NAT router like I can on the WatchGuard FW
    appliance. I still have a Linksys as a wire/wireless SW on the network.

    There is the user manual. On what page does it indicate that the protocol
    numbers can be given in the rules?

    ftp://ftp.linksys.com/pdf/befsr41V3_ug.pdf

    There is the WG SOHO 6 that I use that can set the rules by protocol
    number and has pre-configured services rules that it does protect on.

    http://tinyurl.com/4mxyn

    And where was it that I was indicating that ZA could protect services? I
    think I was talking about the NAT router and port forwarding, although I
    would use something like ZA to supplement a NAT router.

    I would also use IPsec that is not even a FW but can protect based on
    services and protocols numbers that can be given in the rules on XP, Win
    2k and Win 2K3 to supplement a NAT router.

    http://www.analogx.com/contents/articles/ipsec.htm

    Even BalckIce follows the RCF Standards for protocol in use.

    Duane :)
     
    Duane Arnold, Oct 19, 2004
    #6
  7. Tuz

    Dodo Guest

    Page 25 in the Linksys manual. Port-forwarding can be enabled for protocol
    number 6 (TCP), 17 (UDP) or both.

    "Note that if you port forward the ports on the Linksys NAT router to an
    IP/machine, then the protection of the NAT router is not on the forwarded
    ports to the machine and you will need a PFW solution like ZA or one of the
    others to protect the machine on those forwarded ports."

    "The NAT router doesn't ensure that a certain kind of traffic or protocol
    such as FTP or HTTP comes down the respective ports like 20 and 21 FTP or
    80 HTTP as an example."

    While ZoneAlarm can offer offer some security benefits not provided by the
    Linksys, ZoneAlarm cannot "...ensure that a certain kind of traffic or
    protocol such as FTP or HTTP comes down the respective ports like 20 and 21
    FTP or 80 HTTP as an example." ZoneAlarm, like the Linksys, can ensure that
    a certain kind of traffic or protocol such as TCP or UDP comes down the
    respective ports like 20 and 21 FTP or 80 HTTP as an example.
     
    Dodo, Oct 19, 2004
    #7
  8. Tuz

    Duane Arnold Guest

    "Dodo" <> wrote in
    news:b9d06$41749258$43663cd2$:

    > Page 25 in the Linksys manual. Port-forwarding can be enabled for
    > protocol number 6 (TCP), 17 (UDP) or both.



    That is only two out of how many other protocol numbers? That doesn't
    ensure that only HTTP traffic comes down port 80 or FTP on 20 and 21.
    Come on man please I know all about the Linksys NAT router.

    >
    > "Note that if you port forward the ports on the Linksys NAT router to
    > an IP/machine, then the protection of the NAT router is not on the
    > forwarded ports to the machine and you will need a PFW solution like
    > ZA or one of the others to protect the machine on those forwarded
    > ports."


    And the router doesn't protect on the forwarded ports. I had those ports
    forwarded and saw all the scans and attacks that were coming down the
    ports using BI to supplement the NAT router and some of it had nothing to
    do with HTTP or FTP.

    >
    > "The NAT router doesn't ensure that a certain kind of traffic or
    > protocol such as FTP or HTTP comes down the respective ports like 20
    > and 21 FTP or 80 HTTP as an example."


    Again, I am talking about the NAT router and it's in reference to a FW
    appliance. On the other hand, it's my bad in thinking ZA could do what BI
    can do to protect services.

    >
    > While ZoneAlarm can offer offer some security benefits not provided by
    > the Linksys, ZoneAlarm cannot "...ensure that a certain kind of
    > traffic or protocol such as FTP or HTTP comes down the respective
    > ports like 20 and 21 FTP or 80 HTTP as an example." ZoneAlarm, like
    > the Linksys, can ensure that a certain kind of traffic or protocol
    > such as TCP or UDP comes down the respective ports like 20 and 21 FTP
    > or 80 HTTP as an example.


    Maybe, what I should have said was BlackIce and left ZA out of the
    picture period.

    But on the other hand, that's why I have a WG and not a Linksys using BI
    to supplement the NAT router.

    Duane :)
     
    Duane Arnold, Oct 19, 2004
    #8
  9. Tuz wrote:

    > Im using a BEFSR41 router and want to use Kazaa and soulseek which
    > currently wont connect.


    Unless you plan on doing a LOT of anti-virus disinfecting, this might be
    a good thing.

    > If I put a machine into the DMZ zone (in my router setup) or if I
    > port forward certain ports for peer to peer file sharing, can I
    > simply use a software firewall for the machines that are in the DMZ
    > to take care of exposed machines/ports?


    For safety sake, you should be running a software firewall anyway... but
    then again, some ppl call me "paranoid".

    > If that's the case, then isn't it better to just disable the whole
    > router firewall and use a software firewall instead of the routers
    > firewall?


    Think of it this way... you COULD remove the seat belts from your
    automobile, figuring that the air bags will do all the work of
    protecting you in a crash - but you don't because that's unsafe.

    Voluntarily disabling a piece of security that's protecting your
    computer(s) is about the same thing.

    > Also does anyone happen to know which ports soulseek and kazaa use?


    Nope.. and it might not be the firewall. It could just as easily be the
    NAT system, though I doubt that.

    Better check with your ISP's Terms of Use - running software like those
    could be considered "operating a server", which some groups call a
    "Big-time-no-no" (IE, service canceling) offense.

    --

    BuffNET Technical Support Supervisor
    (BEHOLD! The power of the BOFH!)
     
    BuffNET Tech Support - MichaelJ, Oct 20, 2004
    #9
  10. why the hell would anyone try to protect thier pc and use Kazaa?

    "Dodo" <> wrote in message
    news:bde16$417438ec$43663cd2$...
    > Why would one use a personal firewall to protect a machine from forwarded
    > ports?
    >
    >
     
    Lonely Planet Boy, Oct 23, 2004
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John A.
    Replies:
    1
    Views:
    960
    John A.
    Jul 4, 2004
  2. Replies:
    1
    Views:
    473
    Barry Margolin
    Jul 1, 2005
  3. rob mark

    linksys befsr41 and battle.net?

    rob mark, Aug 16, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    491
    rob mark
    Aug 16, 2003
  4. ANON

    PLEASE HELP!!! Linksys Router BEFSR41 ver.2

    ANON, Oct 5, 2003, in forum: Computer Support
    Replies:
    3
    Views:
    3,701
    pcbutts1
    Oct 5, 2003
  5. Lawrence

    Linksys Router Hook-up BEFSR41 Problem

    Lawrence, Oct 19, 2003, in forum: Computer Support
    Replies:
    14
    Views:
    5,248
    Lawrence
    Oct 20, 2003
Loading...

Share This Page