Home networking with LinkSys router.

[Daniel]

Archived from groups: comp.security.firewalls (More info?)

Have a pretty simple setup: 1 machine, W2K-Pro, DSL, running Kerio PF4
(recent upgrade from KPF2); 1 machine with Win98se, dial-up, running
ZoneAlarm Free 4.5. Have just added a Lynksys wireless-G router, with
NAT, to which the W2k machine connects via Ethernet, the Win98 machine
via wireless. Really dumb newbie questions:

1. Am I supposed to trust the router's IP? If I trust the router, and
the internet is coming through the router, does that have the effect of
'trusting' the entire internet?

2. As it's currently set up, though both machines are seeing the router
and the DSL attached to it, neither can see each other. I suspect this
is due to the firewalls. How do I 'open' the computers to each other,
for file and resource sharing, without 'opening' them to the world?

Are the firewalls in fact redundant, as far as protecting against
intrusion, considering the NAT?

As I said, I'm a newbie, and I'm dumb.

rabbit

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

On Sat, 10 Jul 2004 06:23:02 GMT, Daniel spoketh

>Have a pretty simple setup: 1 machine, W2K-Pro, DSL, running Kerio PF4
>(recent upgrade from KPF2); 1 machine with Win98se, dial-up, running
>ZoneAlarm Free 4.5. Have just added a Lynksys wireless-G router, with
>NAT, to which the W2k machine connects via Ethernet, the Win98 machine
>via wireless. Really dumb newbie questions:
>
>1. Am I supposed to trust the router's IP? If I trust the router, and
>the internet is coming through the router, does that have the effect of
>'trusting' the entire internet?

Yes, trust the router LAN IP. Since all traffic coming from the internet
will have the IP address of the client and not your router, this does in
no way imply you are trusting the entire internet.

>
>2. As it's currently set up, though both machines are seeing the router
>and the DSL attached to it, neither can see each other. I suspect this
>is due to the firewalls. How do I 'open' the computers to each other,
>for file and resource sharing, without 'opening' them to the world?

Both firewalls can be configured to trust a range of IP addresses. This
will/should all traffic between the trusted IPs, and resolve this
problem.

>
>Are the firewalls in fact redundant, as far as protecting against
>intrusion, considering the NAT?
>

Some would yes, some would say no. The NAT router does a good job
preventing traffic from coming in, however, it does a poor job at
blocking outgoing traffic. Since more and more malware are "calling
home" rather than just sit around and wait for incoming connections. If
you are worried about such software on your computer(s), you may have
more luck preventing it from making an outbound connection with a
software firewall than with a NAT router alone.


Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"

 

[Daniel]

Archived from groups: comp.security.firewalls (More info?)

Lars;

Thanks for the input.

> Yes, trust the router LAN IP. Since all traffic coming from the internet
> will have the IP address of the client and not your router, this does in
> no way imply you are trusting the entire internet.

OK.

> Both firewalls can be configured to trust a range of IP addresses. This
> will/should all traffic between the trusted IPs, and resolve this
> problem.

Been working on it, and so far I've been able to get one computer to see
the other on the network (but not the other way around) but can not
actually access any of the shared resources on that machine. But each
machine can see its OWN shared resources in the network neighborhood,
which is something I wasn't able to do before, so I guess I'm making
some progress in getting this sharing thing sussed out. When I disabled
the firewall on one computer, the other was able to access it, so I know
the issue is in the firewall configurations.