Go Back   Hardware Canucks > SOFTWARE > Networking

    
Reply
 
LinkBack Thread Tools Display Modes
  #11 (permalink)  
Old January 12, 2010, 04:19 PM
sswilson's Avatar
Moderator
F@H
 
Join Date: Dec 2006
Location: Moncton NB
Posts: 14,417

My System Specs

Default

Not specifically MW2, but I have come across a few games which didn't seem to want to play nice with certain routers unless you opened the bloody thing right up (dmz), and you shouldn't have to do that........
__________________
MSI Z87I Gaming AC / i5 4670K / 2X 4G Gskill 1866 DDR3 / XFX XTR 750 / EVGA GTX 680 SC+ 2GB / Intel DC S3700 200G / random 160G Sata HDD
Inwin 904 / Swiftech MCP655-b / Alphacool NexXxos XT45 120 Rad / 2X Scythe GT AP-15 / EK Supreme HF / Dell UltraSharp U2412M

Asrock AM1H-ITX / AM1 Athlon 5350 / 2X4G Gskill PC3-14900 / Intel 6235 Wi-Fi / 90W Targus Power Brick / 320G Seagate Momentus / Mini-Box M350 / 1X 22" Dell IPS / 1X 22" HP
Reply With Quote
  #12 (permalink)  
Old January 12, 2010, 06:41 PM
Jack Rabbit's Avatar
Allstar
 
Join Date: Sep 2007
Location: Toronto, ON
Posts: 784

My System Specs

Default

Keep in mind that the terms "firewall" and "router" are very muddy. Residental gateways are not routers. They do not do RIP or BGP (OOTB) or any of the real router functions. A firewall can be anything between a dumb passive setting that refuses connections to a fancy system that does deep packet inspection, in-line antivirus, statistical threat assessment, and logging/notification.

If you are setting up a home system it might be worth the time to test it with something like Shields Up from grc.com or other similar sites. If you pass the tests it will give you some piece of mind.

What model of SMC gateway are you using?
__________________
He either fears his fate too much, or his deserts are small, that dares not put it to the touch, to gain or lose it all.
- James Graham
Reply With Quote
  #13 (permalink)  
Old January 12, 2010, 06:51 PM
sswilson's Avatar
Moderator
F@H
 
Join Date: Dec 2006
Location: Moncton NB
Posts: 14,417

My System Specs

Default

SMC Networks - SMC8014W-G EZ Connect? PRODUCTS BROADBAND MODEMS RESIDENTIAL EN_USA
__________________
MSI Z87I Gaming AC / i5 4670K / 2X 4G Gskill 1866 DDR3 / XFX XTR 750 / EVGA GTX 680 SC+ 2GB / Intel DC S3700 200G / random 160G Sata HDD
Inwin 904 / Swiftech MCP655-b / Alphacool NexXxos XT45 120 Rad / 2X Scythe GT AP-15 / EK Supreme HF / Dell UltraSharp U2412M

Asrock AM1H-ITX / AM1 Athlon 5350 / 2X4G Gskill PC3-14900 / Intel 6235 Wi-Fi / 90W Targus Power Brick / 320G Seagate Momentus / Mini-Box M350 / 1X 22" Dell IPS / 1X 22" HP
Reply With Quote
  #14 (permalink)  
Old January 12, 2010, 11:12 PM
Top Prospect
 
Join Date: Nov 2007
Location: Montreal, Qc
Posts: 111

My System Specs

Default

Quote:
Originally Posted by Phobia View Post
were you thinking of MW2 when you researched this? I still don't understand the difference of mw2's open, moderate and restricted NATs.
Microsoft considers standard NAT to be of the "restricted" type. This means the client cannot open incoming ports on the router by itself. Moderate and Open are when the home router supports UPnP NAT Traversal. It's part of the Universal Plug-and-Play protocol suite and it allows applications to tell the router what incoming ports it needs to open on the fly.

It's usually not enabled by default on all routers, and from personal experience it generally isn't implemented well on most routers. If you enable it, you have to be careful about security since it allows applications to open any incoming port for listening (including trojans and whatnot).
__________________

Reply With Quote
  #15 (permalink)  
Old January 13, 2010, 01:32 AM
Jack Rabbit's Avatar
Allstar
 
Join Date: Sep 2007
Location: Toronto, ON
Posts: 784

My System Specs

Default

Looking through the manual this little gizmo actually does support RIP so it does do some real router functions. It is still a limited device.

The "Firewall" on the unit does two things:

Quote:
...enable access to services on your public LAN network from the Internet or to block services on your private LAN from accessing the Internet.
The only way you can have a public LAN is if you get real routable public IP addresses from your ISP to assign to your servers. The gateway/router/firewall/whaever-you-call-it is working "transparently" and passing inbound traffic directly through to the servers. It only touches the traffic if the firewall rules are triggered. This will do nothing for your NATed private LAN so turning it off will also do nothing.

The outbound filtering is also not related to NAT so disabling it will not effect NAT. This is more of a security feature to prevent pesky kids or wage slaves from playing games or chatting on AIM.
__________________
He either fears his fate too much, or his deserts are small, that dares not put it to the touch, to gain or lose it all.
- James Graham
Reply With Quote
  #16 (permalink)  
Old January 13, 2010, 08:06 AM
BrainEater's Avatar
Hall Of Fame
 
Join Date: Mar 2007
Location: Calgary
Posts: 2,504
Default

Quote:
Originally Posted by Spblue View Post
Wordy, me? Coming from a guy with 3 years long worklogs, I should feel honored.
Haha , Touche.

-------

Setting up games for 'routing'/firewalls is always a pain.Every router is different so what works on one doesnt necissarily work on another...especially when you graduate from cheepo residential jobbies into 'real' routers.

I'm in the process of setting up my router (I run PFsense) to run MW2.In my case , it requires setting port forwards on both inbound and outbound traffic.....I'll let yah know how it works.

I never could get my router to open properly for Unreal Tournament 3....I spent weeks opening ports/checking rules.....damn thing would not go , so I've setup a physical dmz....

__________________
Intel 3930k /rIVe/32 Gb vengeance LP/Nvidia TITAN/760/760/Intel 520's/WD raptors/etc...
Reply With Quote
  #17 (permalink)  
Old January 13, 2010, 09:06 AM
m1dget's Avatar
Allstar
 
Join Date: Nov 2008
Location: Terrebonne, Qc
Posts: 707

My System Specs

Default

As pointed a few times in this thread nat and firewall are completely different, and you could have a firewall running on a bridge between two interfaces and wouldn't be able then to have a NAT done on the system running the firewall. You could have a gateway with NAT and no firewall, it could still do the trick, but instead of the packets being blocked and dropped by a sophisticated software, they will be most likely be dropped by the NAT system kernel since there would be nothing listening for incoming packets. You would have the impression of having a firewall, but it wouldn't be really one. Also you probably wouldn't be able to redirect ports because that's the job of a firewall most of the time to manipulate packets. (redirection -> nat -> firewall rules)

And to answer your first question, no disabling it wouldn't make you have a 'dmz' unless you have either multiple external IP (one for the DMZ and one for whatever otther computer you want to be able to access the internet) or that you have only one computer that you are wishing to have on the internet and that one being the computer in the DMZ.

As Jack Rabbit said also, you can't really call the 'router' you have at home a 'router' because it doesn't support any of the routing protocol (usually)... though I don't really agree with him when he says that it should maybe do BGP, he's right for everything else :) Heck the day I see a 'home router' supporting a BGP or EGP (or about any router not doing a small lan job), I think I send the company engineer a message saying how uselessly awesome they are
__________________
"NIX is a classic example of security through obscurity because there is no real monetary reward for crackers and hackers to break Linix" -AkG
Reply With Quote
  #18 (permalink)  
Old January 13, 2010, 01:36 PM
BrainEater's Avatar
Hall Of Fame
 
Join Date: Mar 2007
Location: Calgary
Posts: 2,504
Default

Yep.

Here's the thing about "routers".The term is almost generic at this point....Everything from 'residential gateways' to hardware firewalls , can be glommmed into this category.

Despite the differences between NAT and 'firewalls' the two functions are almost always paired...Sometimes badly.It really depends on the platform.

There are also many different kinds of NAT.And different types of firewalls.All of this adds up to no real standard , so you really need to learn about your paticular setup.

__________________
Intel 3930k /rIVe/32 Gb vengeance LP/Nvidia TITAN/760/760/Intel 520's/WD raptors/etc...
Reply With Quote
  #19 (permalink)  
Old January 15, 2010, 02:36 PM
Top Prospect
 
Join Date: Jan 2010
Posts: 95
Talking

NAT stands for Network Address Translation. It's basically a kludge to work around not having enough routable addresses on the internet.

NAT isn't a firewall, it's a routing protocol. It will not protect computers inside your local area network from a peer. It will offer you rudimentary protection from outside traffic only through not forwarding explicitly forwarded traffic, but if a computer on your local area network proactively becomes exploited, NAT will not afford any protection against this.

Quote:
Originally Posted by sswilson View Post
Got a question for the network/router gurus out there. (Please take it easy on me if my assumptions are completely Out To Lunch..... ;) ).

In layman's terms, my understanding is that using a router offers a form of hardware firewall based solely on the NAT features. If I've got this figured out properly (this is where I might be completely out to lunch) is that NAT performs firewall duty for incoming requests mostly because it doesn't know where to send information it isn't expecting and thus just throws it out rather than deciding on it's own what internal device to send it to.... is that basically the way it works?

If this is so, my main question then is WRT routers (like some SMC ones) which also have a firewall setting...... is this different from the standard NAT function, or would disabling it just put the router into what was formally known as DMZ on older routers?
Reply With Quote
Reply


Thread Tools
Display Modes

Similar Threads
Thread Thread Starter Forum Replies Last Post
Router + Firewall + NAS? Cheator Networking 7 January 9, 2009 01:43 PM
Firewall howpet O/S's, Drivers & General Software 4 November 29, 2008 08:36 PM
Question on wireless router tao5269 Networking 19 September 19, 2008 01:24 PM
router for firewall. worth it? thenewguy001 Networking 17 May 29, 2008 03:10 PM
PCIe 2.0 vrs 1.0 Benchmarks? sswilson Video Cards 4 February 3, 2008 07:51 AM