router firewall disabling

Can the firewalls in routers be turned off if I wish to use those in my PCs
instead.

Steve

In an earlier contribution to this discussion,
steve church <(E-Mail Removed)> wrote:

> Can the firewalls in routers be turned off if I wish to use those in
> my PCs instead.
>
> Steve

Most routers have a config option which enable you to turn off the firewall.

Perceived wisdom says you should use a software firewell in your PC *as well
as* rather than *instead of* the one in the router. For one thing, when your
PC boots, the internet connection may be live before the firewall gets
going - so the only protection is the router.
--
Cheers,
Tim
______
Please reply to newsgroup. Reply address is invalid.

steve church wrote:
> Can the firewalls in routers be turned off if I wish to use those
> in my PCs instead.

Yes, but why would you want to..? Best to use both. Belt & braces is a
phrase that springs to mind, one might catch something the other misses.

Ivor

> steve church <(E-Mail Removed)> wrote:
>
>
>>Can the firewalls in routers be turned off if I wish to use those in
>>my PCs instead.
>>
>>Steve
>

whats your router ip address )

"steve church" <(E-Mail Removed)> wrote in message
news:crs54l$30p$(E-Mail Removed)...
> Can the firewalls in routers be turned off if I wish to use those in my
PCs
> instead.

maybe - depends which kind of router and what type of firewall if any it
contains.

If the box is a conventional router as used in a corporate network - where
the router connect 2 or more subnets together, and all address are visible,
then the router just forwards IP packets, and doesnt track connections.

most SOHO routers are intended for use on an ISP connection where only a
single address is provided - in this config the router has to map addresses
(using address translation or NAT), so has to track connections to figure
out where each packet should go.

if you have to use NAT - i.e. you only get 1 IP from your ISP, then unless
you explicitly force the router to forward connection requests from outside
to 1 specific machine, then you still get protected from connection requests
coming from outside.

many of the routers sold for SOHO use doesnt really have a firewall as
such - they depend on the characteristics of NAT to limit access.
>
> Steve
--
Regards

Stephen Hope - return address needs fewer xxs

Thanks for the replies everyone.
I'm in the process of acquiring a router to run 2 PC's (wired) on broadband.
Thinking of Netgear GD834 or DLink504. I'm completely ignorant of
networking/broadband technology so can't pretend to understand a lot of
what's being said. Any good 'idiots guide' sites I should look at? I feel I
need to understand what it's all about.

Steve

"stephen" <(E-Mail Removed)> wrote in message
news:OCiEd.271$%(E-Mail Removed)...
> "steve church" <(E-Mail Removed)> wrote in message
> news:crs54l$30p$(E-Mail Removed)...
>> Can the firewalls in routers be turned off if I wish to use those in my
> PCs
>> instead.
>
> maybe - depends which kind of router and what type of firewall if any it
> contains.
>
> If the box is a conventional router as used in a corporate network - where
> the router connect 2 or more subnets together, and all address are
> visible,
> then the router just forwards IP packets, and doesnt track connections.
>
> most SOHO routers are intended for use on an ISP connection where only a
> single address is provided - in this config the router has to map
> addresses
> (using address translation or NAT), so has to track connections to figure
> out where each packet should go.
>
> if you have to use NAT - i.e. you only get 1 IP from your ISP, then unless
> you explicitly force the router to forward connection requests from
> outside
> to 1 specific machine, then you still get protected from connection
> requests
> coming from outside.
>
> many of the routers sold for SOHO use doesnt really have a firewall as
> such - they depend on the characteristics of NAT to limit access.
>>
>> Steve
> --
> Regards
>
> Stephen Hope - return address needs fewer xxs
>
>

On Sun, 9 Jan 2005 20:46:59 -0000, "steve church"
<(E-Mail Removed)> wrote:

>Can the firewalls in routers be turned off if I wish to use those in my PCs
>instead.

Don't do that. You should use both. They do different things, and will
trap different crack attempts / nasties.

"steve church" <(E-Mail Removed)> wrote in message
news:crs54l$30p$(E-Mail Removed)...
> Can the firewalls in routers be turned off if I wish to use those in my
PCs
> instead.
>
> Steve
>
>

Am I right in thinking that they way that NAT works, it drops inbound WAN
packets if not specifically requested by a LAN host? And so is a "firewall"
in that sense? So if a router NATs the "firewall" can't be switched off?

Ian


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.832 / Virus Database: 566 - Release Date: 10/01/2005

"ian" <(E-Mail Removed)> wrote in message
news:SPDEd.894$(E-Mail Removed)...
>
> "steve church" <(E-Mail Removed)> wrote in message
> news:crs54l$30p$(E-Mail Removed)...
> > Can the firewalls in routers be turned off if I wish to use those in my
> PCs
> > instead.
> >
> > Steve
> >
> >
>
> Am I right in thinking that they way that NAT works, it drops inbound WAN
> packets if not specifically requested by a LAN host?

Sort of - some allow you to configure an address to send either all
"unmatched" packets to, or just those on specific ports or ranges.

this often gets called a DMZ, although a "real" firewall would have a DMZ
configured on a separate physical port or VLAN.

And so is a "firewall"
> in that sense?

thats how it should behave by default.

> So if a router NATs the "firewall" can't be switched off?

As usual - it depends. Often you can disable NAT completely, but the config
options / manuals often dont make reference to NAT and which options get rid
of it.
>
> Ian
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.832 / Virus Database: 566 - Release Date: 10/01/2005
--
Regards

Stephen Hope - return address needs fewer xxs