Use any firewalls?

[KevC]

I used to use Tiny when it was completely free... now I'm looking around and it seems that it's a pay now?

I want something that's ... tiny ... and free ... not like ZoneAlarm... too bloated IMHO. Any suggestions?

 

[alrox]

CHX-I is a free, small and very fast packet filter/NAT package.

 

[KevC]

I'm new to this.. is a NAT the firewall?

 

[shade91]

Originally posted by KevC
I'm new to this.. is a NAT the firewall?

In a sense it's a firewall. It basically makes it so all internal IPs get out through one IP. Outside attackers can't really get in because of that.

*waits for the obligatory "nat isn't a firewall it gives the user a false sense of security even though I can't prove it"*.

 

[IceWindus]

NAT is network address translation. It takes the WAN IP you get from your ISP and converts it to a private non routable IP. It was developed by CISCO to reduce the need for live IP's. The biggest thing is that it hides your computer from the rest of the world. Hackers can only see the interface on the router with the IP, but the computers on the other side are hidden. Quit imaginative if you think about it.

 

[Malk-a-mite]

Originally posted by shade91
I*waits for the obligatory "nat isn't a firewall it gives the user a false sense of security even though I can't prove it"*.

Happy to help.

How about a direct quote from the website:
"Network Address Translation is not a security tool, performing purely networking functions."

The "CHX-I Stateful Packet Filter" performs what would be considered firewalling actions.

 

[Blitzrommel]

Originally posted by Malk-a-mite
Happy to help.

How about a direct quote from the website:
"Network Address Translation is not a security tool, performing purely networking functions."

It wasn't designed as such, no. But it doesn't hurt either.

 

[Malk-a-mite]

Originally posted by Blitzrommel
It wasn't designed as such, no. But it doesn't hurt either.

It is a nice addition to a combination of security measures, that I will gladly agree with.

 

[Flagg]

Actually NAT is the mapping of several IP's to private IP's on the inside
example

LAN WAN
192.168.x.x <-> 1.2.3.4
192.168.x.x <-> 1.2.3.5
192.168.x.x <-> 1.2.3.6
192.168.x.x

What is typically instrumented in consumer "Firewall" software and hardware it Pat. Port Address translation. Which is where you have many clients on your lan and only ONE ip on the outside. It manipulatoes port numbers for multiple connections.
example

LAN WAN PORT
192.168.1.2 <->1.2.3.4 -> 80
192.168.1.3 <-> -> 8001
192.168.1.4 <-> -> 8002
192.168.1.5 <-> -> 8003

Instead of using multiple IP's (you only have one) the PAT software/hardware manipulates the port numbers. So any data that leaves the PAT software with port number 8002 gets mapped back to 192.168.1.4. Any data that leaves the PAT software with port # 8003 gets mapped to 192.168.1.5 when the data returns

This is an oversimplified version but thats the jist of it

 

[CyC]

Kerio v2.1.5

its small.. and doesnt use lots of resources and easy to customize

dont try v4/5... its bloated

 

[Brules]

It's Voodoo Black Magic!!!

 

[zeroARMY]

None. I don't have any important files.