1. Forum
  2. USENET
  3. comp.sys.mac.system

  • how many firewalls needed?

    From Frank@gno52@alltel.net to comp.sys.mac.system on Tuesday, April 18, 2006 05:27:00
    From Newsgroup: comp.sys.mac.system

    Have Linksys wireless home network with Speedstream dsl modem to get us on-line. Three machine on network ..two Macs with 10.4.6 OS and one
    Win2K. Each
    machine has its own firewall. MACS have preinstalled ones that came on
    machines and Win2k has Sygate firewall. DSL modem has its own firewall
    as does Linksys router. Are all three firewalls needed? I have
    suspicion that poor performance in some of
    video conference applications might be attributed to everything having
    to be filtered by three different firewalls. Firewalls on individual
    machines easy to disable but the ones on modem
    and router are not so friendly.

    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From bobbagoose@bobbagoose@gmail.com to comp.sys.mac.system on Tuesday, April 18, 2006 06:44:47
    From Newsgroup: comp.sys.mac.system

    I would recommend using the firewall on the DSL modem only. This is the
    gateway in and out of your network, and as long as it is prooperly
    configured for your needs portforwarding etc. then you'll be fine. See http://www.portforward.com/default.htm I have experienced problems in
    the past with having several operating firewall routers, but never
    usually from the OS. You should be able to access your router setup via 192.168.0.1 or 192.168.1.1

    I would definately disable the firewall on the linksys. It seems like
    you have a similar setup to myself, and that solved my connection
    problems, P2P etc.

    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From Tim McNamara@timmcn@bitstream.net to comp.sys.mac.system on Tuesday, April 18, 2006 08:46:33
    From Newsgroup: comp.sys.mac.system

    In article <1145363220.901609.186490@u72g2000cwu.googlegroups.com>,
    "Frank" <gno52@alltel.net> wrote:

    Have Linksys wireless home network with Speedstream dsl modem to get
    us on-line. Three machine on network ..two Macs with 10.4.6 OS and
    one Win2K. Each machine has its own firewall. MACS have preinstalled
    ones that came on machines and Win2k has Sygate firewall. DSL modem
    has its own firewall as does Linksys router. Are all three firewalls needed? I have suspicion that poor performance in some of video
    conference applications might be attributed to everything having to
    be filtered by three different firewalls. Firewalls on individual
    machines easy to disable but the ones on modem and router are not so friendly.

    Firewalls basically close ports so that computers from the outside world
    can't use them, and can also close ports so computers on your LAN can't
    send out through them if you want to set it up that way. Open ports are
    not filtered (as I understand it) and should operate at full speed.

    On your Windows box you can't have too many firewalls because there is
    just so much malware out there. Even then it isn't safe from malware
    you install yourself or can be tricked into installing.

    Poor video conference performance might be due to duplex mismatch or
    just not having enough bandwidth or the CPU not being able to keep up
    with the demand.
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From bobbagoose@bobbagoose@gmail.com to comp.sys.mac.system on Tuesday, April 18, 2006 08:13:28
    From Newsgroup: comp.sys.mac.system

    On your Windows box you can't have too many firewalls because there is
    just so much malware out there. Even then it isn't safe from malware
    you install yourself or can be tricked into installing.

    There is no need to have any more than one firewall. Sure you can have 2,3,4,5,100 but if the first one is operating properly and blocking
    incoming requests and unauthorised ougoing requests then there is no
    need. Plus imagine having to configure port forwarding through 3
    firewalls, it would be a nightmare for most people.

    Software based protection is mostly useful for people that don't have a firewall/router. If you have a firewall router that is configured
    properly there is no need to activate any other firewall between your firewall/modem/router and any machine/router attatched to it.

    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From G.T.@getnews1@dslextreme.com to comp.sys.mac.system on Tuesday, April 18, 2006 10:42:06
    From Newsgroup: comp.sys.mac.system

    bobbagoose wrote:
    On your Windows box you can't have too many firewalls because there is
    just so much malware out there. Even then it isn't safe from malware
    you install yourself or can be tricked into installing.


    There is no need to have any more than one firewall. Sure you can have 2,3,4,5,100 but if the first one is operating properly and blocking
    incoming requests and unauthorised ougoing requests then there is no
    need.

    What if the firewall is compromised? What if it's misconfigured?

    Plus imagine having to configure port forwarding through 3
    firewalls, it would be a nightmare for most people.

    You don't need to configure port forwarding more than once if you filter
    at the DSL router and at the hosts (port forwarding doesn't need to be
    done on the hosts).


    Software based protection is mostly useful for people that don't have a firewall/router. If you have a firewall router that is configured
    properly there is no need to activate any other firewall between your firewall/modem/router and any machine/router attatched to it.


    For a small network where the admin knows what he is doing software
    protection on the hosts is probably not needed but many larger corporate networks, ones with many points of ingress including breaking and
    entering into a small branch office, are filtering at the host now.

    Greg
    --
    "All my time I spent in heaven
    Revelries of dance and wine
    Waking to the sound of laughter
    Up I'd rise and kiss the sky" - The Mekons
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From Buzz@buzz@buzz.inv to comp.sys.mac.system on Tuesday, April 18, 2006 14:06:28
    From Newsgroup: comp.sys.mac.system

    G.T. wrote:
    bobbagoose wrote:

    On your Windows box you can't have too many firewalls because there is
    just so much malware out there. Even then it isn't safe from malware
    you install yourself or can be tricked into installing.



    There is no need to have any more than one firewall. Sure you can have
    2,3,4,5,100 but if the first one is operating properly and blocking
    incoming requests and unauthorised ougoing requests then there is no
    need.


    What if the firewall is compromised? What if it's misconfigured?

    So you need a second one.

    What if the second one is compromised? What if it's misconfigured?

    So you need a third one.

    What if the third one is compromised? What if it's misconfigured?

    So you need a fourth one...


    Plus imagine having to configure port forwarding through 3
    firewalls, it would be a nightmare for most people.


    You don't need to configure port forwarding more than once if you filter
    at the DSL router and at the hosts (port forwarding doesn't need to be
    done on the hosts).


    Software based protection is mostly useful for people that don't have a
    firewall/router. If you have a firewall router that is configured
    properly there is no need to activate any other firewall between your
    firewall/modem/router and any machine/router attatched to it.


    For a small network where the admin knows what he is doing software protection on the hosts is probably not needed but many larger corporate networks, ones with many points of ingress including breaking and
    entering into a small branch office, are filtering at the host now.

    Greg
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From Frank@gno52@alltel.net to comp.sys.mac.system on Thursday, April 20, 2006 03:01:46
    From Newsgroup: comp.sys.mac.system

    I am still struggling with this prob. I even tried disabling all three
    just to see what would happen on trying to initiate video chat
    application (iSpQ) and got the message that I was behind a NAT firewall
    and to disable it. What is an NAT firewall? All three firewalls
    previous mentioned were disabled (actually reviewed settiong several
    time on each to be sure).

    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From tacit@tacitr@aol.com to comp.sys.mac.system on Friday, April 21, 2006 12:49:06
    From Newsgroup: comp.sys.mac.system

    In article <1145527306.463430.41080@i40g2000cwc.googlegroups.com>,
    "Frank" <gno52@alltel.net> wrote:

    I am still struggling with this prob. I even tried disabling all three
    just to see what would happen on trying to initiate video chat
    application (iSpQ) and got the message that I was behind a NAT firewall
    and to disable it. What is an NAT firewall?

    The NAT firewall is your router.

    You absolutely can not use video chat, no way no how, until you
    reprogram your router to permit it. Look at your router's manual for information about how to do this. Usually, you configure your router by opening a Web browser and surfing to the router's address, which is
    usually

    http://192.168.1.1

    but may be different for some brands of router.

    --
    Art, photography, shareware, polyamory, literature, kink:
    all at http://www.xeromag.com/franklin.html
    Nanohazard, Geek shirts, and more: http://www.villaintees.com
    --- Synchronet 3.18b-Win32 NewsLink 1.113