I have an old Linksys Router. Connected to two PCs, one always-on. And to a WiFi Access point running in the bridge mode (I don't trust the access point).

I have a few ports mapped to the always-on PC. I DON'T run MS's IIS. I use a carefully configured FTP server. Port 80 mapped to HS.

I get lots of lame attempts on the FTP server by port scanners.

Never had a hacking problem except for one idiot who was putting files on my FTP server under anonymous. I disabled that.

I don't use firewall software on my PC. I do use Norton's Antivirus to scan all email and download attachments which the router wouldn't, of course, catch.

I think most people will use Norton or McAffe and a router, and turn off SP2's firewall. Those that don't are the ones with their PC connected directly to their modem.

-----------
Linksys usually defaults to 192.168.1.1 for the router's LAN address. The DHCP assigned addresses may start at .100. You can change that. Static addresses could, thus start at .2.

Beach,
If your are running a router you have a firewall. It's just a hardware firewall rather than a software one. That sould suffice.

Are all routers also firewalls? Aren't there "routers" and "firewall routers"?

I have a Linksys RV082 which I can define access rules for ports opened. For example, I can define a rule to run at certain time only to open up port required for HS web access AND allow connections from certain IP's only.

Regular routers wouldn't allow rules to be created for accessing internal computers. I'm not sure if all routers are firewall, but I'm sure having a router installed on your LAN is much better than nothing at all.

I do believe though most VPN routers allow access rules to be created.

Simon

DC,
All new Wireless Routers have firewalls built into them. The fact that they manage the ports that all traffic flows on makes them a firewall. If you turn off all ports then the firewall is closed and no traffic flows.

That makes sense. I just recall seeing products called "routers" and more expensive products called "firewall routers". I'm not sure what the difference is but I bought the more expensive one thinking it's what I needed for firewall protection. Maybe the only difference was the label on the box.

Basically a router acts as a traffic cop. It decides if a transmission is to a host it has direct access to or does it have to send the packets elsewhere (another router) where the address may be better understood.

The Linksys line of routers do Network Address Translation (NAT). When you send a packet out from a host on your subnet (a device connected to the linksys router) that is not to another device on the router it goes out the RJ45 Jack connected to the Cable or DSL modem, BUT The address in the packet saying who sent it is changed!

It is changed to the address used by the cable/DSL modem. That is how a single IP address running through A NAT'ing router can support multiple PC's. For each packet sent the router keeps track of what went into the packet as header info and which host it came from so a response will go back to the host that sent the message being responded to.

The only IP address the world sees, so people can send you a message to respond to (establish a session so to speak) is that one cable or DSL modem address.

In addition to my Linksys router I use a reverse proxy so I can get to other devices in my house, I have multiple webservers (e.g. TivoWEB, Camera WEB, and HS WEB). The reverse proxy acts as a very sophisticated filter with many levels of challenge response being configurable based upon incoming port number (simple userid password, time of day, IP address of sender, etc.) The reverse proxy is freeware and very robust.

There is an excellent site known as GRC.com at which you can test the visiblity of your home network to the external world with free software and good advice as to make your self invisible.

Hope this helps

I submit that today's most common danger isn't countered by a firewall router - because the viruses spread as attachments to email which passes la-ti-da through the router to your client, and the same, for web pages you visit with nasty things which sneak in through MIcrosoft's swiss-cheese browser and ActiveX stuff.

While I have used Linksys, Dlink, etc hardware routers I keep going back to using Linux firewalls. The software is very tweakable. I use a plain "old" 300-500Mhz machine with two (three) NICs. Software I have used is:

IPCop at
http://sourceforge.net/projects/ipcop/
and
Smoothwall at
http://sourceforge.net/projects/smoothwall/

They both have the same roots.

I have found IPCop to be a very good firewall and have used for the past couple of years. I have it setup at home on my broadband connection and have also setup for my father as a firewall/dialer to connect to his ISP.

It also has the capability to setup a VPN between two IPCop boxes across the net. Very handy. I have also tested using the VPN capability across a wireless link between two locations.....just waiting on the antennas to finish up.