Ok, to explain how routing is done, it is going to get very technical.

The router keeps an internal table of what connections are built to the
outside world and what computer requested them.  Then, when the host system
sends data back, the router checks its table to see who it is supposed to
pass the information onto.

(this is putting it simplistically) So, if 192.168.0.10 requested a webpage
from yahoo.com, the router remembers that and when yahoo replies, it passes
the information onto .10.  If at the same time .11 requests a page from
google, the router remembers and forwards the appropriate data.

What hardware based firewalls do, by default, is let all traffic leave your
network, but only let traffic in that was originally initiated by an internal
computer.  Now, you can configure them to block outgoing traffic and let in
some external traffic (like if you want to run a web server).

The advantage to a software firewall is that it can block based on
application, not port.  Like if you have two programs that use port 23456.
The software firewall will typically say "programx.exe wants to go outside
on port 23456, allow?" you then say yes.  Then if it says the same for
programB and you don't want it to, you can say no.  If it is a program you
don't expect, then you can go even further and try to find it and remove it.

The problem with software firewalls is they themselves can be cracked and
subverted easier than hardware based.  Also, they tend to impact system
performance.

----- Original Message ----- 
From: "Dan Bale" <dbale@xxxxxxxxxxxxx>
To: "PC Technical Discussion for iSeries Users" <pctech@xxxxxxxxxxxx>
Sent: Thursday, July 29, 2004 9:12 AM
Subject: RE: [PCTECH] Need firewall protection,


> I appreciate all of the responses!
>
> The main thrust I am picking up about the hardware firewall is that
> uninvited "guests" are effectively turned away.  I imagine this is true
> because my PC has an IP address given by the router, a 192.168.n.n, which is
> "untouchable" from the outside.  Meanwhile, the router, having the address
> given by my ISP, *somehow* knows which traffic coming in is legit, and which
> is not.
>
> It is that last part I'm unclear on.  Also fuzzy is the part where I have
> more than one PC communicating on the internet simultaneously through this
> router; how does the router know which PC to route the legit traffic to?
>
> The other thing that I'm learning here is that the firewall/router only
> protects against incoming baddies, and does nothing to stop baddies that
> somehow make it onto my PC and "phone home".  I mentioned my paranoia
> yesterday about keyloggers.  David, I guess I'm surprised that you don't run
> a software firewall as well.  What protection do you have against the "phone
> home" baddies?
>
> db


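The connection table described in the reply above, as an added example that is not part of either message: a toy Python model of a NAT router that records outbound connections and forwards only matching replies. The public address, remote addresses and port numbers are constructed sample values, and the check on the sender's address is an assumption (real routers differ in how strictly they match).

```python
# Added illustration: a toy model of the router's connection table (NAPT).
# All addresses and ports are constructed sample values.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.5"  # assumed ISP-assigned address of the router


@dataclass
class NatRouter:
    next_port: int = 40000
    # public port -> (internal ip, internal port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Internal host opens a connection: record it and rewrite the source."""
        for pub_port, entry in self.table.items():
            if entry == (src_ip, src_port, dst_ip, dst_port):
                return (PUBLIC_IP, pub_port, dst_ip, dst_port)  # already tracked
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (PUBLIC_IP, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arrives from outside: forward only if it matches an entry."""
        entry = self.table.get(dst_port)
        if entry is None:
            return None  # nobody inside asked for this: drop
        int_ip, int_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None  # right port, wrong sender: drop (assumed strict match)
        return (int_ip, int_port)


def demo():
    r = NatRouter()
    yahoo, google = "198.51.100.20", "198.51.100.30"  # stand-ins for the two sites
    _, p10, _, _ = r.outbound("192.168.0.10", 51000, yahoo, 80)
    _, p11, _, _ = r.outbound("192.168.0.11", 51000, google, 80)
    return {
        "yahoo_reply": r.inbound(yahoo, 80, p10),
        "google_reply": r.inbound(google, 80, p11),
        "unsolicited": r.inbound("192.0.2.99", 4444, 40500),
        "wrong_sender": r.inbound("192.0.2.99", 80, p10),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result or "dropped")
```

Both internal PCs use the same source port here, yet each reply reaches the right machine because the router gave each connection its own public port.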