Firewall necessary behind modem/router?

Status
Not open for further replies.

ChrisRChamberlain

Hi all

As a sequel to thread602-1266139, a Netgear DG834 modem/router has been installed, port forwarding configured, etc.

Apart from Apache etc, Cerberus FTP Server is also running on the web server box.

The ZoneAlarm firewall has been removed, possibly wrongly, on the assumption the hardware firewall would be adequate, and now the box is receiving Windows Messenger Service dialogs.

Disable Windows Messenger Service, reinstall ZoneAlarm or perhaps there is another solution?

TIA

FAQ184-2483 - answering getting answered.​
Chris [pc2]
PDFcommander.com
PDFcommander.co.uk
 
It sounds like all incoming traffic is being forwarded. This is not a good idea; you should instead forward traffic only on the specific ports needed -- in this case TCP 80 (for HTTP) and TCP 21 (for FTP). There should be no forwarding for other ports, which should effectively stop traffic at the router. An additional firewall would be redundant, but anti-virus is still a must.
 
mhkwood sounds like they are on the right path with the port forwarding. However, I would still recommend a good software firewall that does blocking/filtering on both inbound and outbound traffic for the PC, even if it is behind a hardware firewall. The hardware firewall can only protect you from unsolicited threats coming in from the Internet. Things that you or your users willingly download and install can still contain malware. Also, there's the possibility of someone connecting a malware-infected PC on the inside of your network, in which case your firewall is no protection.
 
mhkwood, kmcferrin

Thanks for your replies.

Cerberus FTP Server requires a Port Range from 1025 to 3500 as well as 21.

That range was set as TCP/UDP but has now been reset as TCP only and the messages seem to have stopped.

Will reinstall ZoneAlarm if this does not resolve the issue.

FAQ184-2483 - answering getting answered.​
Chris [pc2]
PDFcommander.com
PDFcommander.co.uk
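
As an added example (not part of the original thread), this Python sketch audits a port-forward table like the one described in the post above, before and after the range was switched from TCP/UDP to TCP only. The rule names and the reading of the 1025-3500 range as FTP passive data ports are assumptions, and the Messenger Service UDP ports are general knowledge rather than something stated in the thread.

```python
from typing import NamedTuple

class Forward(NamedTuple):
    name: str    # label for the rule (hypothetical naming)
    proto: str   # "tcp", "udp" or "both", as router UIs usually offer
    first: int   # first external port
    last: int    # last external port

# HTTP and FTP (control and passive data connections) run over TCP only.
NEEDED_PROTO = {"http": "tcp", "ftp-control": "tcp", "ftp-passive": "tcp"}

# UDP ports on which Windows Messenger Service pop-up spam was typically
# delivered (general knowledge, not stated in the thread).
MESSENGER_UDP = [(135, 135), (1026, 1029)]

def protocols(rule):
    """Expand the router's protocol setting into a set of protocols."""
    return {"tcp", "udp"} if rule.proto == "both" else {rule.proto}

def audit(rules):
    """Return (rule name, finding) pairs for forwards wider than needed."""
    findings = []
    for rule in rules:
        needed = NEEDED_PROTO.get(rule.name)
        if needed is None:
            findings.append((rule.name, "no listed service needs this forward"))
            continue
        # Any protocol forwarded beyond what the service speaks is excess exposure.
        for extra in sorted(protocols(rule) - {needed}):
            findings.append((rule.name, f"{extra} forwarded but service uses {needed} only"))
        # A UDP forward overlapping the Messenger ports lets pop-ups through NAT.
        if "udp" in protocols(rule):
            for lo, hi in MESSENGER_UDP:
                if rule.first <= hi and lo <= rule.last:
                    findings.append((rule.name, f"udp {lo}-{hi} reachable from the Internet"))
    return findings

# Constructed rule sets mirroring the thread: range first set as TCP/UDP, then TCP only.
BEFORE = [Forward("http", "tcp", 80, 80), Forward("ftp-control", "tcp", 21, 21),
          Forward("ftp-passive", "both", 1025, 3500)]
AFTER = [r._replace(proto="tcp") for r in BEFORE]

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(rules) or "no findings")
```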
 
Have a look on grc.com for advice on this subject.

Personally I prefer to run a software firewall as well so I have outbound monitoring.

If you're going to rely solely on the NAT filtering of your router then you *must* turn off uPnP.

Ed Metcalfe.

Please do not feed the trolls.....
 
Leave Universal Plug and Play alone.
The Steve Gibson stuff is woefully out of date.

 
Steve explains his position on uPnP in this podcast (broadcast slightly over 12 months ago):


I for one agree with his reasoning.

Ed Metcalfe.

Please do not feed the trolls.....
 