[Hoosier_1701]

A Mac is connected to a Linksys cable/dsl router with 4 port switch. Block wan request is enabled. Would there be any advantage to running Jaguar's software firewall also, or does the router provide enough protection?

[Socially Awkward Solo]

The router should be more then enough. Doing both will only cause problems.

[Millennium]

I'm not familiar with that particular type of router: does it have a firewall of its own?

If it does, then that's enough: use that, and you can safely let your machines run "behind the firewall" without firewalls of their own. However, if the router doesn't have its own firewall, then your machines are still at some risk, and you should at least consider firewalling them individually.

[SMacTech]

I have a LinkSys router, 4 port switch. It does not have a firewall built in. Just a DHCP server and configuration for NAT to forward a port to an internal IP.
I don't know what the Block WAN request does, but if it is on by default, I am using that setting.

[starman]

Originally posted by SMacTech:
I have a LinkSys router, 4 port switch. It does not have a firewall built in. Just a DHCP server and configuration for NAT to forward a port to an internal IP.
I don't know what the Block WAN request does, but if it is on by default, I am using that setting.

Unless you have a different model, the Linksys 4-port router/switch most certainly DOES have a firewall built in.

I had the 4, and now have the 8-port Linksys router/switch/firewall. It's definitely more than enough. No need to turn the firewall on with OS X. As stated before, it will only cause problems.

The ONLY reason why you'd want to put a firewall on any machine that's already behind a hardware firewall is to keep out intruders from other machines that are behind your firewall.

Mike

[::maroma::]

Could someone post a link to said 4-port LinkSys router? I am getting ready to get my first router, and I have no idea where to begin. This one sounds like what I'd need. I'll have 2 machines sharing a cable connection at home. Thanks!

[OreoCookie]

I suggest that you use a firewall despite the fact that your router has one. First of all, it can't hurt. Second of all, and more importantly, the firewalls offered by router are often not as secure as the ones offered by BSD (ipfw) that is also used by MacOS X.

I believe I have read that in a German computer magazine:

Many models are configured using telnet (since windows doesn't have ssh built-in, don't we just love it). There are service passwords for routers that are (for some models) published on hacker sites.

So I'd simply use the firewall since it doesn't interfer with what you are doing.

[Moose]

Uh. Okay:

1) He's behind NAT. This alone is enough protection unless one of two things is true: a) He has ports forwarded, or b) his router can get exploited and used as a jumping-off point to exploit the internal network. If he had ports forwarded, he probably had a good reason for doing so, and probably doesn't want to firewall them.

2) While ipfw is certainly among the "best of breed" firewalling systems, I would hesitate to state categorically that it's better than whatever Linksys is using. Hell, Linksys might even be using ipfw.

3) Mac OS X is pretty good about not having lots of services running for no reason. Firewalling without knowing what you're doing or why you're doing it (in other words, firewalling just to say you're firewalling) is far more likely to cause problems than not firewalling at all.

I wouldn't particularly recommend that you firewall your system. None of the machines on my internal network (behind NAT) have had firewalls running on them, and have yet to have any problems in the past few years.

[SMacTech]

Originally posted by starman:
Unless you have a different model, the Linksys 4-port router/switch most certainly DOES have a firewall built in.

Mike

umm, no it is not a true firewall, it is NAT that acts like a firewall. Here is a Link
It isn't at all functional like ipfw which is built-in to OS X.

Here is the true definition of a firewall

[Back up 15 and punt]

For all of people arguing about firewalls here is a couple of good website that provides reviews and can answer any of your specific questions.

http://www.practicallynetworked.com/

http://www.smallnetbuilder.com/

[Socially Awkward Solo]

Originally posted by ::maroma:::
Could someone post a link to said 4-port LinkSys router? I am getting ready to get my first router, and I have no idea where to begin. This one sounds like what I'd need. I'll have 2 machines sharing a cable connection at home. Thanks!

NO! DO NOT GET A LINKSYS! They are so problimatic, the practically networked boards are full of problems.

You should look at a Netgear, they are incredible.

[::maroma::]

Originally posted by Socially Awkward Solo:
NO! DO NOT GET A LINKSYS! They are so problimatic, the practically networked boards are full of problems.

You should look at a Netgear, they are incredible.

Fair enough. For someone who has a simple home network and a cable modem, what would be a good one to get? I'd like to have all the nice options so I don't have to think about it, just plug it in and it works. Keep in mind, I've never used a router before, so I'm a newbie dork in this area. (And I don't know crap about port forwarding, NAT, etc etc).

[SMacTech]

I haven't had any problems with any LinkSys router/switches that I have delivered to our outside salesreps or at my home office.
That said, NetGear makes great stuff! Our internet routers here at work are Cisco however. NAT is really not a replacement for a good configurable firewall, and there isn't much to argue about there.

If I relied on NAT here to protect our 100+ users, I would have lost my job a long time ago. I use a GNAT box which is totally configurable to do most everything a real firewall should be capable of.

[starman]

Originally posted by Socially Awkward Solo:
NO! DO NOT GET A LINKSYS! They are so problimatic, the practically networked boards are full of problems.

You should look at a Netgear, they are incredible.

Yeah, that's why they're the best selling

I've had Linksys for many years without a single problem.

Mike

[starman]

Originally posted by SMacTech:
umm, no it is not a true firewall, it is NAT that acts like a firewall. Here is a Link
It isn't at all functional like ipfw which is built-in to OS X.

Here is the true definition of a firewall

if it looks like a duck,
talks like a duck,
walks like a duck...

Maybe TECHNICALLY it's not a firewall, but it keeps sh*t out of my network. Isn't THAT what a firewall's job is?

Mike

[Back up 15 and punt]

Originally posted by ::maroma:::
Fair enough. For someone who has a simple home network and a cable modem, what would be a good one to get? I'd like to have all the nice options so I don't have to think about it, just plug it in and it works. Keep in mind, I've never used a router before, so I'm a newbie dork in this area. (And I don't know crap about port forwarding, NAT, etc etc).

I use the Netgear RO318. I believe that Netgear has replaced this box but I'm not sure. I have had people try to break its security, on purpose, and nobody has been able to. It contains some advance firewall features and I also ran some specific test that will point out a weakness in my firewall. DSLREPORT.COM can test your firewall. Honestly, if you want the best firewall router for your home then you need to spend some money but it won't necessarily provide any additional benefit. Again I urge you to spend some on the two websites that I posted earlier.

[SMacTech]

Originally posted by starman:
if it looks like a duck,
talks like a duck,
walks like a duck...

Maybe TECHNICALLY it's not a firewall, but it keeps sh*t out of my network. Isn't THAT what a firewall's job is?

Mike

Mike, yes it is. But a router with NAT doesn't walk, talk or look like a real firewall, it only smells like one. NAT is good enough for home or small business, but you can very easily subvert NAT and intrude if the user behind the firewall initiates a connection to a rogue web site.

[Hoosier_1701]

Thanks for all the replies. It doesn't seem like there is a true consensus as to what is needed when using this Linksys router/switch. Before I got the router, I was running ZoneAlarm on a Win2000 machine connected directly to my cable modem. I would get several probes a day into my machine, but ZoneAlarm seemed to block all of them. Once I got the router, I never saw another probe actually hit my PC. When I got the iMac, I wasn't aware of any software firewalls available, so I never installed one. It seems like the NAT protection might be "good enough."

[SMacTech]

Originally posted by Hoosier_1701:
It seems like the NAT protection might be "good enough."

Yes, for you and most of us, it is!