Re: router firewalls?

From: NeoSadist (
Date: 04/07/04

Date: Wed, 07 Apr 2004 11:42:21 -0600

shope wrote:

> "NeoSadist" <> wrote in message
>> RB wrote:
>> > Does any router work as a hardware firewall?
>> Nope. A router only does NAT (network address translation). Some people
>> classify NAT as a firewall, but it's not in my opinion. It's simply how
>> a router routes packets from external IPs (internet) to internal IPs
>> (LAN).
> Agreed - but some routers do have a full built firewall functions (e.g. a
> cisco with firewall IOS), and since a firewall usually supports NAT as
> well, you can get firewalls that do the same job as a SOHO router (e.g. a
> cisco pix 501) - I just pick on cisco here as they are well known, and
> that's what I work with most.

But a router by definition doesn't need a firewall. A firewall is an
additional feature, not part of a router's job description.

>> > If not, what router label do
>> > I look for to ensure the router I get will act as a firewall.
>> Uh, the word "firewall" would do it for me....
> firewall is one of those terms which gets abused - so better to decide
> what you want and then look for the functionality rather than rely on the
> "F" word.

I know that.

> there are lots of blurred edges here - some firewalls use stateful packet
> inspection, some don't, others can scan for URLs and limit access, or watch
> data within a transfer with IDS style inspection to try to pick up worms
> and viruses.
> The key difference is that a firewall should more or less block everything
> that isn't explicitly allowed, and a router tends to allow everything that
> isn't explicitly blocked - under those rules just about every SOHO router
> isn't a firewall as they tend to allow any connection from inside to
> outside, to minimise the amount of setup needed.

Yes, they are diametrically opposed...

>> >
>> > Seems I've heard of NAT routers. Is this one of the firewall routers?
>> No, NAT is how they work, Router is what the object is. I'd slap someone
>> if they told me they had a "NAT router". I'd be like "DUH!" A router
>> without NAT, how would that work? lol.
> a bit of nit picking - NAT is usually only used for SOHO routers driving
> internet links or in a hosting centre - most enterprise networks (and most
> of the internet) are built from routers that are not configured for NAT.

I've yet to see a router without NAT, and/or use one, but then again....

>> Look for something that says "firewall" router. That, or find an old
>> pentium 1 with 64mb ram and 1gb hdd and put Smoothwall 2.0 Linux on it.
>> Then it will act as a router AND a firewall AND a DHCP server (and DHCP
>> is another useful thing most routers do, but is not part of the "job
>> requirements" of a router).
>> --
>> Nobody wants constructive criticism. It's all we can do to put up with
>> constructive praise.

Maintainer's Motto:
        If we can't fix it, it ain't broke.
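
The distinction drawn in the quoted text above (a firewall blocks what is not explicitly allowed, a SOHO router allows any connection from inside to outside) can be seen by running the same traffic through both policies. This is an added example, not part of the original thread; the `Gateway` class, the addresses, the ports and the allowed-port list are all constructed for illustration.

```python
# Added illustration, not from the thread. Addresses, ports and rule sets are
# constructed; flows are tracked without NAT address rewriting for brevity.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool  # True: LAN -> internet, False: internet -> LAN

class Gateway:
    def __init__(self, allow_all_outbound, allowed_out_ports=()):
        self.allow_all_outbound = allow_all_outbound
        self.allowed_out_ports = frozenset(allowed_out_ports)
        self.flows = set()  # connections opened from the LAN side

    def handle(self, p):
        if p.outbound:
            if self.allow_all_outbound or p.dport in self.allowed_out_ports:
                self.flows.add((p.src, p.sport, p.dst, p.dport))
                return "ALLOW"
            return "DROP"
        # Inbound passes only as a reply to a flow the LAN opened.
        reply_of = (p.dst, p.dport, p.src, p.sport)
        return "ALLOW" if reply_of in self.flows else "DROP"

LAN, WEB, OTHER = "192.168.1.10", "203.0.113.5", "198.51.100.7"
TRAFFIC = [  # constructed sample traffic
    Packet(LAN, 40000, WEB, 443, True),      # browser opens HTTPS
    Packet(WEB, 443, LAN, 40000, False),     # reply to that flow
    Packet(OTHER, 5555, LAN, 445, False),    # unsolicited inbound
    Packet(LAN, 40001, OTHER, 6667, True),   # outbound nobody approved
    Packet(OTHER, 6667, LAN, 40001, False),  # reply to that flow
]

def verdicts(gateway):
    return [gateway.handle(p) for p in TRAFFIC]

def soho_router():   # allows any connection from inside to outside
    return Gateway(allow_all_outbound=True)

def default_deny():  # blocks everything not explicitly allowed
    return Gateway(allow_all_outbound=False, allowed_out_ports={53, 80, 443})

if __name__ == "__main__":
    for name, gw in (("SOHO router", soho_router()), ("default-deny", default_deny())):
        print(f"{name:13}", verdicts(gw))
```

Both policies drop the unsolicited inbound packet, which is why NAT is often mistaken for a firewall; only the default-deny policy also stops the unapproved outbound connection and its reply.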