Any point of having a Software Firewall behind a Router?

photoshop · 7 May 2008 at 13:43

Hi,

I have a Netgear WGT624 (version 4) router which has a built in firewall.
I also have Zonealarm (ZA) aswell acting as a firewall.

Seeing as the router has a built in firewall should i uninstall ZA?
Is there any need for a software firewall when the router has one built in...?

photoshop · 7 May 2008 at 14:22

Ethics said:
It also helps you with port forwarding etc. if something dodgy is using a forwarded port. Or say you were forwarding 22 for SSH to a server behind your routers firewall, most common household routers are going to allow any packets on that port from any host, a software firewall can be used to reject/drop from particular hosts, IP blocks etc. etc. They are normally much more configurable than standard home routers.

Port forwarding is causing me a nightmare at the moment! I use flashfxp for ftp using SSL security for ident. Even though i've forwarded port 113 on the router flashfxp still doesnt work! I've tried it without any firewall being active and still no joy

I think its because im using an ip from the router which is 192.168.X.X. When i connect to the site with FFxp i think the connection is not being established (says connection failed or lost) because the hosting site must be looking for my original IP address (the IP i get from Virgin). If i configure the router for "Static IP" then FFxp works but not using DHCP because it looks for my original ip and does not find it.

But Virgin does not like Static IP configs as i loose the connection within 24hrs and then have to set the router to DHCP to get internet access.

Any solutions to this???

photoshop · 7 May 2008 at 14:45

Guys i get a static IP address from Virgin. I've had this ip address for over a year.

Flashfxp works with the IP address from virgin but does not work for the IP address my router assigns my PC (192.168.X.X)

photoshop · 7 May 2008 at 15:05

Now im totally lost. a lot of that went over my head.

Are you saying that port forwarding does not work when using DHCP?

If i set my router to Static IP, FFxp works fine. But i loose all connection after 24hrs or so and need to use DHCP again even though my IP address from virgin has NOT changed.

When i try to connect to a secure SSL site which requires "ident" (which is my username and IP address) it fails because my ident is setup for the original IP address from virgin and not from the one that the router assigns to my machine (and this can not be changed). this is why static works and DHCP does not. But static is rubbish because it dies after a day so i have to revert back to DHCP and then FFxp does not work.

FFxp searches for my original ip address but all it finds is the address which is assigned to my pc by the router. I need to somehow use DHCP and get FFxp to see my original ip address so connection can be established.

I need to find a fix to this and quick.

photoshop · 7 May 2008 at 15:20

bledd. said:
explain clearly what you're trying to do , where the ftp server is, what type of internet you have etc..

i'd make a new post in the Networking section of the forum

1. Im trying to get FlashFXp to work because it does not work when im using DHCP on my router. It works when using static ip on the router BUT virgin is notorious for not liking static ip setups on routers, thus my connection goes dead after a day or so and i have to use DHCP to have access to internet. MY IP address from Virgin Never Changes though! I do not have a dynamic ip address.

2. The FTP server i connect to uses SSL security aswell as formal identification in the form of a username and ip address. If all these factors are correct i have access. The ip address it looks for is the static ip address i have from virgin.

3. My connection is 4Mbit Virgin Broadband.

My router is Netgear WGT624 108Mbps

photoshop · 7 May 2008 at 15:52

bledd. said:
or is that at an external site that you're trying to connect to?

As above

When i get home i will paste a log of what happens in FlashFxp.

photoshop · 8 May 2008 at 02:07

Settings on Router:

This is what happens in FlashFXP:

WinSock 2.0 -- OpenSSL 0.9.7g 11 Apr 2005
[L] Connecting to Y -> IP=xx.xx.xx.x PORT=xxxxx
[L] Connected to Y
Ident Request: xx.xx.xx.x - UserID: ian
[L] Connection failed (Connection lost)

It fails when it tries to identify me

photoshop · 8 May 2008 at 11:07

cokecan72 said:
do you specifically pay for a static IP? with virgin/ntl you tend to keep the same IP for majority of the time but it can change and is exactly why I use dyndns.org or no-ip.com to act as a pointer that points to my router regardless of if my IP changes (you will have to update this periodically though). using dyndns.org I host an FTP server on one of my machines.

to connect instead of typing xx.xx.xx.xx:zzzz where x is my external IP from virgin and z is the port number ive set up, i type cokecan72.dyndns.org:zzzz

if you have DHCP setup within your network and port forwarding then surely that wont work because your router will be auto assigning an IP to your computer which could also change from time to time? it would be best to set your PCto use a specific IP address within the range of IP's that your router supports (going by your pic, anythin from 192.168.1.2 to 192.168.1.255) as Bledd. said

just make sure you have the ftp program and/or port allowed through the firewall of zone alarm or the windows firewall if its enabled. On my D-Link router I allow access through the virtual server on a specific port and also allow that same port through the firewall on it to make sure nothing is blocking my connections.

I dont pay for a static ip. I think in the past 8 years of having broadband my ip has changed less than 6 times.

What do i need to change on the screenshots above to get it to work?

photoshop · 8 May 2008 at 11:57

Ethics said:
Have you tried it without SSL? maybe that's the problem.

SSL is required for log in for authentication

photoshop · 8 May 2008 at 11:59

host name is right because when i plug broadband straight into pc ffxp works fine. Just doesnt behind the router for that site

photoshop · 8 May 2008 at 12:39

my head hurts

photoshop · 8 May 2008 at 13:20

pointy shadow said:
Have you had a look at the guides over at Portforward.com?

Might help, might not but worth a look to make sure your forwarding your ports correctly.

ye that was one of the 1st things i done.

photoshop · 8 May 2008 at 14:17

Ethics said:
Not really sure how else i can be of help tbh. I've suggested quite a few solutions, and some information on the situation in general and it doesn't even look like you've tried them. I loathe giving things step by step, people generally don't learn anything.

i cant try those steps till i get home mate, im at work