router firewalls?

Archived from groups: comp.security.firewalls

Does any router work as a hardware firewall? If not, what router label do I
look for to ensure the router I get will act as a firewall.

Seems I've heard of NAT routers. Is this one of the firewall routers?
  1.

    RB wrote:

    > Does any router work as a hardware firewall?

    Nope. A router only does NAT (network address translation). Some people
    classify NAT as a firewall, but it's not in my opinion. It's simply how a
    router routes packets from external IP's (internet) to internal IP's (LAN).

    > If not, what router label do
    > I look for to ensure the router I get will act as a firewall.

    Uh, the word "firewall" would do it for me....

    >
    > Seems I've heard of NAT routers. Is this one of the firewall routers?

    No, NAT is how they work, Router is what the object is. I'd slap someone if
    they told me they had a "NAT router". I'd be like "DUH!" A router without
    NAT, how would that work? lol.
    Look for something that says "firewall" router. That, or find an old
    pentium 1 with 64mb ram and 1gb hdd and put Smoothwall 2.0 Linux on it.
    Then it will act as a router AND a firewall AND a DHCP server (and DHCP is
    another useful thing most routers do, but is not part of the "job
    requirements" of a router).

    --
    Nobody wants constructive criticism. It's all we can do to put up with
    constructive praise.
  2.

    On Wed, 07 Apr 2004 01:38:42 -0600, NeoSadist <neosad1st@charter.net>
    wrote:

    >> Seems I've heard of NAT routers. Is this one of the firewall routers?
    >
    >No, NAT is how they work, Router is what the object is. I'd slap someone if
    >they told me they had a "NAT router". I'd be like "DUH!" A router without
    >NAT, how would that work? lol.

    Uh, Cisco has made hundreds of thousands of routers without NAT.
    Everything pre IOS 11.3 had no NAT. There are probably 1000 of them
    running within 5 miles of you, unless you live in the sticks that is.

    So slap me.
  3.

    "RB" <rbig@bellsouth.nospam.net> wrote in message
    news:QoNcc.3840$ZJ6.2609@bignews5.bellsouth.net...
    > Does any router work as a hardware firewall? If not, what router label do I
    > look for to ensure the router I get will act as a firewall.
    >
    > Seems I've heard of NAT routers. Is this one of the firewall routers?
    >

    http://www.homenethelp.com/web/explain/about-NAT.asp

    Linksys, Dlink and others fall into the above category.

    http://www.linksys.com/products/group.asp?grid=34&scid=29
    http://www.dlink.com/products/category.asp?cid=2

    http://www.firewall-software.com/firewall_faqs/what_is_a_firewall.html

    WatchGuard, SnapGear and others fall into the above category.

    http://www.cdw.com/shop/search/Results.aspx?key=WatchGuard&platform=all&x=14&y=11
    http://www.cyberguard.com/snapgear/

    Duane :)
  4.

    "NeoSadist" <neosad1st@charter.net> wrote in message
    news:1077c0l4vjvo98d@corp.supernews.com...
    > RB wrote:
    >
    > > Does any router work as a hardware firewall?
    >
    > Nope. A router only does NAT (network address translation). Some people
    > classify NAT as a firewall, but it's not in my opinion. It's simply how a
    > router routes packets from external IP's (internet) to internal IP's
    > (LAN).

    Agreed - but some routers do have a full built firewall functions (e.g. a
    Cisco with firewall IOS), and since a firewall usually supports NAT as well,
    you can get firewalls that do the same job as a SOHO router (e.g. a Cisco
    PIX 501) - I just pick on Cisco here as they are well known, and that's what
    I work with most.
    >
    > > If not, what router label do
    > > I look for to ensure the router I get will act as a firewall.
    >
    > Uh, the word "firewall" would do it for me....

    Firewall is one of those terms which gets abused - so better to decide what
    you want and then look for the functionality rather than rely on the "F"
    word.

    There are lots of blurred edges here - some firewalls use stateful packet
    inspection, some don't, others can scan for URLs and limit access, or watch
    data within a transfer with IDS style inspection to try to pick up worms and
    viruses.

    The key difference is that a firewall should more or less block everything
    that isn't explicitly allowed, and a router tends to allow everything that
    isn't explicitly blocked - under those rules just about every SOHO router
    isn't a firewall as they tend to allow any connection from inside to outside,
    to minimise the amount of setup needed.
    >
    > >
    > > Seems I've heard of NAT routers. Is this one of the firewall routers?
    >
    > No, NAT is how they work, Router is what the object is. I'd slap someone
    > if they told me they had a "NAT router". I'd be like "DUH!" A router
    > without NAT, how would that work? lol.

    A bit of nit picking - NAT is usually only used for SOHO routers driving
    internet links or in a hosting centre - most enterprise networks (and most
    of the internet) are built from routers that are not configured for NAT.

    > Look for something that says "firewall" router. That, or find an old
    > pentium 1 with 64mb ram and 1gb hdd and put Smoothwall 2.0 Linux on it.
    > Then it will act as a router AND a firewall AND a DHCP server (and DHCP is
    > another useful thing most routers do, but is not part of the "job
    > requirements" of a router).
    >
    > --
    > Nobody wants constructive criticism. It's all we can do to put up with
    > constructive praise.
    --
    Regards

    Stephen Hope - remove xx from email to reply
  5.

    shope wrote:

    > "NeoSadist" <neosad1st@charter.net> wrote in message
    > news:1077c0l4vjvo98d@corp.supernews.com...
    >> RB wrote:
    >>
    >> > Does any router work as a hardware firewall?
    >>
    >> Nope. A router only does NAT (network address translation). Some people
    >> classify NAT as a firewall, but it's not in my opinion. It's simply how
    >> a router routes packets from external IP's (internet) to internal IP's
    >> (LAN).
    >
    > Agreed - but some routers do have a full built firewall functions (e.g. a
    > Cisco with firewall IOS), and since a firewall usually supports NAT as
    > well, you can get firewalls that do the same job as a SOHO router (e.g. a
    > Cisco PIX 501) - I just pick on Cisco here as they are well known, and
    > that's what I work with most.

    But a router by definition doesn't need a firewall. A firewall is an
    additional feature, not part of a router's job description.

    >>
    >> > If not, what router label do
    >> > I look for to ensure the router I get will act as a firewall.
    >>
    >> Uh, the word "firewall" would do it for me....
    >
    > Firewall is one of those terms which gets abused - so better to decide
    > what you want and then look for the functionality rather than rely on the
    > "F" word.

    I know that.

    >
    > There are lots of blurred edges here - some firewalls use stateful packet
    > inspection, some don't, others can scan for URLs and limit access, or watch
    > data within a transfer with IDS style inspection to try to pick up worms
    > and viruses.
    >
    > The key difference is that a firewall should more or less block everything
    > that isn't explicitly allowed, and a router tends to allow everything that
    > isn't explicitly blocked - under those rules just about every SOHO router
    > isn't a firewall as they tend to allow any connection from inside to
    > outside, to minimise the amount of setup needed.

    Yes, they are diametrically opposed...

    >>
    >> >
    >> > Seems I've heard of NAT routers. Is this one of the firewall routers?
    >>
    >> No, NAT is how they work, Router is what the object is. I'd slap someone
    >> if they told me they had a "NAT router". I'd be like "DUH!" A router
    >> without NAT, how would that work? lol.
    >
    > A bit of nit picking - NAT is usually only used for SOHO routers driving
    > internet links or in a hosting centre - most enterprise networks (and most
    > of the internet) are built from routers that are not configured for NAT.

    I've yet to see a router without NAT, and/or use one, but then again....

    >
    >> Look for something that says "firewall" router. That, or find an old
    >> pentium 1 with 64mb ram and 1gb hdd and put Smoothwall 2.0 Linux on it.
    >> Then it will act as a router AND a firewall AND a DHCP server (and DHCP
    >> is another useful thing most routers do, but is not part of the "job
    >> requirements" of a router).
    >>
    >> --
    >> Nobody wants constructive criticism. It's all we can do to put up with
    >> constructive praise.

    --
    Maintainer's Motto:
    If we can't fix it, it ain't broke.
  6.

    Steevo@my-deja.com wrote:

    > On Wed, 07 Apr 2004 01:38:42 -0600, NeoSadist <neosad1st@charter.net>
    > wrote:
    >
    >>> Seems I've heard of NAT routers. Is this one of the firewall routers?
    >>
    >>No, NAT is how they work, Router is what the object is. I'd slap someone
    >>if
    >>they told me they had a "NAT router". I'd be like "DUH!" A router
    >>without NAT, how would that work? lol.
    >
    > Uh, Cisco has made hundreds of thousands of routers without NAT.
    > Everything pre IOS 11.3 had no NAT. There are probably 1000 of them
    > running within 5 miles of you, unless you live in the sticks that is.
    >
    > So slap me.

    I'll slap you if you don't give me a link so that I may broaden my
    understanding of why anyone would want a router without NAT.... :D

    --
    Jenkinson's Law:
    It won't work.
  7.

    Hi RB !

    I have a full fleshed firewall router (with SPI) TW100-BRF104 from
    TrendNet - and it's great and isn't expensive !

    http://www.trendnet.com/en/products/TW100-BRF104.htm
    www.trendnet.com

    Søren

    "RB" <rbig@bellsouth.nospam.net> wrote in message
    news:QoNcc.3840$ZJ6.2609@bignews5.bellsouth.net...
    > Does any router work as a hardware firewall? If not, what router label do I
    > look for to ensure the router I get will act as a firewall.
    >
    > Seems I've heard of NAT routers. Is this one of the firewall routers?
  8.

    In article <QoNcc.3840$ZJ6.2609@bignews5.bellsouth.net>,
    rbig@bellsouth.nospam.net says...
    > Does any router work as a hardware firewall?

    Routers are not firewalls and only have limited ability to protect your
    systems. If routers worked as firewalls they would be firewalls, not
    routers.

    > If not, what router label do I
    > look for to ensure the router I get will act as a firewall.

    If you want a firewall you need a product that is a firewall, not a
    router with NAT. A firewall will block both Inbound and Outbound traffic
    unless you create rules to permit it. A firewall may also perform
    routing functions including NAT.

    A typical SOHO Firewall appliance will cost about $350, a typical NAT
    router will cost about $50.

    Firewalls may also have the ability to filter content of web pages and
    email so that you can strip out Active-X and email attachments before
    they make it to your workstations or email server - routers don't do
    that.

    > Seems I've heard of NAT routers. Is this one of the firewall routers?

    There are several NAT routers that use the word "Firewall" in their
    description, but they are not firewalls, they are NAT devices with one
    or two firewall like features built into them.

    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  9.

    On Wed, 07 Apr 2004 11:42:21 -0600, NeoSadist spoketh


    >>
    >> A bit of nit picking - NAT is usually only used for SOHO routers driving
    >> internet links or in a hosting centre - most enterprise networks (and most
    >> of the internet) are built from routers that are not configured for NAT.
    >
    >I've yet to see a router without NAT, and/or use one, but then again....
    >

    If you haven't seen a router without NAT, then your experience is
    limited to the so-called "broadband" routers.

    Professional grade routers may have NAT as an option, but it's only used
    under special circumstances.


    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  10.

    "NeoSadist" <neosad1st@charter.net> wrote in message
    news:1078fdnoo2af711@corp.supernews.com...
    > Steevo@my-deja.com wrote:
    >
    > > On Wed, 07 Apr 2004 01:38:42 -0600, NeoSadist <neosad1st@charter.net>
    > > wrote:
    > >
    > >>> Seems I've heard of NAT routers. Is this one of the firewall routers?
    > >>
    > >>No, NAT is how they work, Router is what the object is. I'd slap someone if
    > >>they told me they had a "NAT router". I'd be like "DUH!" A router
    > >>without NAT, how would that work? lol.
    > >
    > > Uh, Cisco has made hundreds of thousands of routers without NAT.
    > > Everything pre IOS 11.3 had no NAT. There are probably 1000 of them
    > > running within 5 miles of you, unless you live in the sticks that is.
    > >
    > > So slap me.
    >
    > I'll slap you if you don't give me a link so that I may broaden my
    > understanding of why anyone would want a router without NAT.... :D

    Ref design for large scale router networks (cisco)
    http://www.cisco.com/univercd/cc/td/doc/cisintwk/idg4/nd2003.htm

    lots more stuff there if you want to follow this up.

    >
    > --
    > Jenkinson's Law:
    > It won't work.
    --
    Regards

    Stephen Hope - remove xx from email to reply
  11.

    On Wed, 07 Apr 2004 11:42:58 -0600, NeoSadist <neosad1st@charter.net>
    wrote:
    >Steevo@my-deja.com wrote:
    >> Uh, Cisco has made hundreds of thousands of routers without NAT.
    >> Everything pre IOS 11.3 had no NAT. There are probably 1000 of them
    >> running within 5 miles of you, unless you live in the sticks that is.
    >>
    >> So slap me.
    >
    >I'll slap you if you don't give me a link so that I may broaden my
    >understanding of why anyone would want a router without NAT.... :D

    NAT is a new-fangled idea. Not needed until they got so cheap with
    IPs.
  12.

    >> Nope. A router only does NAT (network address translation). Some people
    >> classify NAT as a firewall, but it's not in my opinion. It's simply how a
    >> router routes packets from external IP's (internet) to internal IP's (LAN).

    Neo:

    Router and NAT are two different concepts.
    Router: does routing between two subnets via DA (destination address) and a
    route table (OSI layer 3 only).
    NAT as we use it: does one-to-many address translation via matching to a
    port table (OSI layers 3 & 4).

    And a stateless firewall: does packet filtering via packet header values
    (OSI layers 3 & 4).

    The problem is liberal usage of the word "router".

    My Netgear RT314 "router" provides the functionality of all of the
    following:
    Router
    NAT
    Inbound and outbound stateless firewall rules on both interfaces

    Note that I have used the RT314 with NAT disabled and it works as a basic
    router, it allows communication between two subnets.
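
The three functions separated in the post above (route table lookup, NAT port table, stateless header filtering), together with the allow-by-default versus block-by-default policies contrasted in post 4, can be modelled in a few lines. This is an added example, not code from any poster or product; the addresses, ports, rule sets and all names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: private LAN plus documentation-range addresses.
ROUTES = [  # (destination prefix, outgoing interface)
    (ipaddress.ip_network("192.168.1.0/24"), "lan"),
    (ipaddress.ip_network("0.0.0.0/0"), "wan"),
]
WAN_IP = "203.0.113.5"

def route(dst):
    """Router: longest-prefix match on the destination address only (layer 3)."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in ROUTES if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

class Nat:
    """One-to-many NAT: a port table maps WAN ports to inside (ip, port).
    An inbound packet with no table entry has no inside host to go to."""
    def __init__(self, first_port=40000):
        self.out, self.back, self.next_port = {}, {}, first_port

    def outbound(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.out:  # first packet of a flow creates the mapping
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return WAN_IP, self.out[key]

    def inbound(self, dst_port):
        return self.back.get(dst_port)

def stateless_filter(rules, default, pkt):
    """Stateless firewall: first rule whose header fields all match wins."""
    for action, match in rules:
        if all(pkt.get(k) == v for k, v in match.items()):
            return action
    return default

def demo():
    nat = Nat()
    web = {"proto": "tcp", "dport": 443}
    smtp = {"proto": "tcp", "dport": 25}
    router_rules = [("drop", {"proto": "tcp", "dport": 135})]  # allow unless blocked
    fw_rules = [("allow", {"proto": "tcp", "dport": 443})]     # drop unless allowed
    return {
        "route_lan": route("192.168.1.20"),
        "route_wan": route("198.51.100.7"),
        "nat_out": nat.outbound("192.168.1.20", 51000),
        "nat_reply": nat.inbound(40000),
        "nat_unsolicited": nat.inbound(40001),
        "router_smtp": stateless_filter(router_rules, "allow", smtp),
        "firewall_smtp": stateless_filter(fw_rules, "drop", smtp),
        "firewall_web": stateless_filter(fw_rules, "drop", web),
    }
```

The same outbound SMTP packet passes under the router-style default and is dropped under the firewall-style default; the NAT table only decides where a translated packet is delivered.
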
  13.

    In article <r9n970po5q06m5jtktjrnpljhdmah78pif@4ax.com>,
    steevo@my-deja.com says...
    > On Wed, 07 Apr 2004 11:42:58 -0600, NeoSadist <neosad1st@charter.net>
    > wrote:
    > >Steevo@my-deja.com wrote:
    > >> Uh, Cisco has made hundreds of thousands of routers without NAT.
    > >> Everything pre IOS 11.3 had no NAT. There are probably 1000 of them
    > >> running within 5 miles of you, unless you live in the sticks that is.
    > >>
    > >> So slap me.
    > >
    > >I'll slap you if you don't give me a link so that I may broaden my
    > >understanding of why anyone would want a router without NAT.... :D
    >
    > NAT is a new-fangled idea. Not needed until they got so cheap with
    > IPs.

    It's been around for a LONG time. No one is getting "cheap" with IP's,
    just having to ration them out to people that really need them instead
    of people that just like the idea of having a full class-c subnet for
    fun. A basic T1 still comes with 64 IP without justification in most
    parts of the US.

    NAT makes managing a company network a lot easier and safer if
    implemented correctly too.


    --
    --
    spamfree999@rrohio.com
    (Remove 999 to reply to me)
  14.

    "NeoSadist" <neosad1st@charter.net> wrote in message
    news:1077c0l4vjvo98d@corp.supernews.com...
    >
    > No, NAT is how they work, Router is what the object is. I'd slap someone
    > if they told me they had a "NAT router". I'd be like "DUH!" A router
    > without NAT, how would that work? lol.

    It would work a bit like a router not using Network Address Translation
    ROFL! The ethernet interface has the same IP address(es) as the WAN
    interface. Not uncommon.