I'm seeing a lot of talk about using Linksys routers as firewalls.
What sort of options do they have...
Stateful matching etc?

Regards,
Peter

Thanks all for the replies...

Well, they block incoming ports/requests. Basically serves as just a hardware firewall. Its easy to configure as well, with port forwarding to a specific IP on your LAN. Mine does a job well done, got about 7 machines running behind mine connected to my cable modem connection.
Might want to check out their site for more info: http://www.linksys.com

I'm concerned about the "quality" of the firewalling.

A second firewall behind it never hurts, but are they good enough to leave on their own?

Regards,
peter

I trust mine, though I don't really keep anything special that if someone did attack, oh well, I would reinstall. But it never does hurt to have a second firewall behind it.

Thanks,
Peter.

Mine has been good to me as well. Port forwarding works great, and the logging feature is good to. I have it sending the logs to a linux box, where I made a script to read the SNMP logs and system info(uptime, df, free, etc) and output the info into daily html webpages that I can read without ssh'ing over to read them.

They are getting pretty cheap also, I got mine free but you can pick one up for about $75 or less.

You can configure them pretty well. A really well configured hardware firewall works good.

Its a statefull firewall. Its as good as any other stateful packet filter. Its prolly (not for sure) a lot harder to hack then a linux firewall for a few reasons, mainly its an embeded box.

but you still have other security conerns ie
if an adversary can get a user on the inside to execute some bad code through a browser attack, vulnerable service that is open through the firewall or something like that.

but 2 or 3 firewalls wont really stop that. my suggestion is have a good border firewall (like the linksys box) then have good firewall rules on each host.

Then try some personal firewall (for win boxes) that will prevent the hosts from make outgoing connections unless allowed by the user.

that will do a decent job of locking down a home network.

<------code------>
#!/bin/bash

# system_page - A script to produce an system information HTML file

##### Constants

TITLE="System Information for $HOSTNAME"
RIGHT_NOW=$(date +"%x %r %Z")
TIME_STAMP="Updated on $RIGHT_NOW"
DATE_FORMAT=$(date +%h.%d.%Y)
##### Functions

function show_uptime
{
echo "<h2>System uptime</h2>"
echo "<pre>"
uptime
echo "</pre>"
}

function drive_space
{
echo "<h2>Filesystem space</h2>"
echo "<pre>"
df -h
echo "</pre>"
}

function firewall_log
{
echo "<h2>Firewall Logs</h2>"
echo "<pre>"
cat /var/log/linksys.log
echo "</pre>"
}

##### Main

cat <<- _EOF_ > /home/hanzerik/public_html/$DATE_FORMAT.html # Path to where html file should be created
<html>
<head>
<title>$TITLE</title>
</head>

<body bgcolor="black" text="green">
<h1>$TITLE</h1>
<p>$TIME_STAMP</p>
$(show_uptime)
$(drive_space)
$(firewall_log)
</body>
</html>
_EOF_

echo "<p allign="center">" >> /home/hanzerik/public_html/index.html
echo "<a href="$DATE_FORMAT.html">$DATE_FORMAT" >> /home/hanzerik/public_html/index.html
echo "</p>" >> /home/hanzerik/public_html/index.html
cp /dev/null /var/log/linksys.log
<------end code------>

Simple bash shell script that reads system info and firewall log, outputs the info into a html file, clears the log and starts a new one. The html file gets created and a link to the new daily log page gets appended to the index page



The logging program is called linksysmon http://woogie.net/linksysmon/

I have a linksys router myself and it's really good... easy setup and it's easy to forward stuff to my linux box since it does handle the ftp / http / telnet / etc services...

Hello

I also have LinkSYs router with Red hat 7.3 box. I want to open telnet that uses 23 port. How that can be done in Linksys? Moreover, by default all ports in LinkSys are closed.

Thanks

I would use ssh instead of telnet.

But for the port forwarding:

http://www.dslwebserver.com/main/fr_...orwarding.html

http://www.anandtech.com/showdoc.html?i=1206&p=4

http://myserver.org/help/linksys1.3.x.asp

open your browser and type the ip address of the router which by default is 192.168.1.1 and type in the password which by default is "admin" unless it was changed... no user just leave it blank... then click the Advanced tab... click the Forwarding tab ... under service port range type 23 in both boxes and under the ip address to the right of those two boxes type the address of the red hat box which for some reason my only lets me change the last number in the 192.168.1.xxx <--- change those xxx's to match your linux box... this also helps for when you want to open a game port ... say your running quake 2 server... open port 27950 to your linux box... or whatever computer is running the quake 2 server... and leave the protocol to both i guess.. i don't know what that's for... atm... i'm still learning mine but I have always left it to both.

23 ~ 23 192.168.1.300 for telnet
27950 ~ 27950 192.168.1.300 for quake2 server
80 ~ 80 192.168.1.300 for http server
etc..

most of the time my router will somehow remember my computer and keep it with the same ip address even if it has to skip a number but all of the computers are set to Dynamic IP (main computer 100, linux box seems to stay at 102) even if 101 isn't turned on. /shrug ... it did same thing with laptop until i changed the network pcmcia card and then it changed to a different number BUT i went to the dhcp client table and it still has that 103 available for my laptop's network name... /shrug so yea that's how you do it..