I was told that if I bought a router to connect my computers to a cable modem, it would act as a firewall.
Is this true? How do I make sure it works? Will I need McAfee on my computer after I hook it up to a router?
While many “commercial” routers also include a firewall, having a router by no means whatsoever ensures that a firewall comes with it. The two are different animals - think cars and air conditioning. Most come with it, some don’t.
Search here on “Linksys”, and you will find many, many threads discussing pros, cons, workings, and so forth of routers and firewalls. I don’t mean to blow you off, but my fingers just cannot re-type everything all over again, and it has been covered well in the past.
If they don’t answer your questions, then I guess I’ll have to type after all.
I don’t think this is true. A hardware firewall is a separate bit of hardware + firmware and is often bundled with a router as a hardware combo as in the popular Linksys BEFSR41 but IIRC there are routers that are sold without firewall hardware bundled in.
I use and recommend the Linksys. You can usually get them for 70-100.
It possibly will, depending on how it’s configured. Chances are, it will use NAT or proxying, and that will prevent anyone on the internet from being able to directly access/attack your computer. It won’t be a real firewall, but it will serve as such.
You should buy anti-virus software anyway, because regardless of how your network is set up all it takes is one moment of lapsed judgement and a mouseclick to infect you.
Right - a firewall does not protect you against downloading viruses, it just prevents malicious intruders from attacking your computer through the internet. They are almost completely unrelated.
Mister V, I’m not sure what you mean by it not being a “real firewall”; the consumer/SOHO routers may not be as powerful or sophisticated as products aimed at the commercial market, but AFAIC they’re real firewalls. I have never seen a consumer hardware firewall with proxying, BTW; they all use NAT. You could probably set up a small Linux server to do proxy serving if you wanted to, but that sounds like it might be a little too involved for HubZilla (and probably way more than you need).
There is nothing magic about a firewall; it is essentially an extension of the function performed by a router. A router makes decisions about how to send packets between machines. It may perform NAT (network address translation, bridging two networks with different addressing schemes). Firewalling is just an extension of these functions.
Firewalls may do several things, but the most basic is just packet filtering based on certain rules. You may configure it to deny certain types of traffic, connections from certain addresses or to certain ports, etc. These functions are frequently bundled with a router because the router is already making packet-based decisions.
That said, most firewall functions in a router may be more general and harder to configure than a standalone firewall, particularly a software firewall like Linux ipchains or iptables. The packet-filtering capabilities built into routers that I have used have not given me anywhere near the specificity you get from iptables.
Note that you should plan on doing some studying on whatever scheme you decide to use. It is unlikely that you can just peel the shrinkwrap off your firewall (whether it’s in your router or not) and have something useful. You need to decide what rules you want to use to filter traffic and configure the firewall to permit what you want and exclude what you fear (e.g. permit HTTP and outgoing SMTP, block ports commonly used by trojans, etc.). Look for a tutorial on whatever flavor you choose, and it’s likely you can find an annotated configuration explaining how to turn things off and on for common settings.
Umm, micco, the Linksys type NAT routers require virtually no configuration. Most of the work is making the settings on the computers. It really is awfully close to taking the shrinkwrap off and plugging in.
These are for people who think Internet=web browsing. If you want to setup servers, etc. it takes some work. Netmeeting and other dynamic port programs are a headache. But that’s true for any type of NAT/proxy router.
These boxes act as firewalls by default since virtually nothing but http is allowed initially. You can make them “unfirewalls” rather simply. (Including selecting one machine to be “outside the firewall”.)
Note they are not for people who get multiple IPs and such where a real router would be required.
That’s not quite true. A router is more like a gateway, a piece of hardware that converts data packets between different protocols.
then Urban Ranger said-
That’s not quite true. A router is more like a gateway, a piece of hardware that converts data packets between different protocols.
Actually- a router’s primary purpose in life is to take in an IP packet (yes there are other protocols-but IP is the predominant one), consult a routing table (the router will have put this together by communicating with fellow routers using RIP, OSPF, etc.) then based upon the routing table, the router will send that IP packet out the proper interface to the “next hop” in the path to the final destination.
It used to be that a major function of a router was to convert between “protocols” as Urban Ranger said. But that was primarily converting between Ethernet and Token Ring/FDDI or between Ethernet and Frame Relay (i.e., between LAN layer 2 and WAN layer 2).
The LAN to WAN is still important, the Ethernet to Token Ring, etc. less so.
It’s easy to do NAT out-of-the-box, but I think your example of an HTTP-only firewall is a bit specious. Sure, if you’re one of the rare people who do only HTTP, then you’re fine. IM? Need to config. Network games? More config. All the various things a telecommuter might want like VPNs, mounted drives, SSH, etc? More config. Even some of the most Luddite people I know aren’t HTTP-only anymore.
I will agree with you that the amount of config is minimal if you can afford to just lock everything down. My point is that most people don’t want to do that and need to learn enough about how the firewall works to allow the things they want and exclude the things they don’t. I just thought it would be helpful to the OP to point out that he might need to do some research on how exactly he wanted his firewall set up, and a lot of the detailed config that is dead-simple in a software firewall can be a real pain in a hardware device (depending almost entirely on how good the interface to the hardware is).
And how exactly is “send packets between machines” not true? Whether it does address translation, network routing and/or protocol changes, a router’s basic function is to get packets from here to there.
My point was simply that both a firewall and a router look at packets and process them according to a list of rules. Obviously they use different rules because they’re trying to accomplish different things, but both devices are processing packets in a similar way.
Actually, with the Linksys, and most other SOHO routers, most of these functions don’t need any config done on the router. Certainly not IM, filesharing (e.g. Bearshare) or VPN. Possibly some network games, if the game requires an incoming socket. But I’d guess that at least 75% of home router users don’t change anything on the router.
Routers and firewalls both “look” at IP packets. In fact, a router can act as a firewall using what are called Access Control Lists. That is, the access list is a group of statements. Each statement defines a pattern that would be found in an IP packet.
As each packet comes through an interface with an associated access list, the list is scanned from top to bottom–in the exact order that it was entered–for a pattern that matches the incoming packet. A permit or deny rule associated with the pattern determines that packet’s fate.
In some cases this may be suitable for the user’s firewall needs.
In some cases it is not sophisticated enough. Then you look at products such as Checkpoint, etc.
Keep in mind that the “primary” role for the router is “routing” (directing) the packet on its way based on entries that are contained in the routing table (separate from the access list table).
So they both “look” at information in the various layers (OSI 7 layer) then they do things based on their function.
Nowadays you can buy products that combine functionality and that’s OK for some situations, but as usual if you want a full-blown sophisticated Firewall and a full-blown sophisticated router-you’ll have to get separate boxes.
This is NOT a safe assumption to make. A router can act as a limited sort of firewall but, for example, a Cisco 2600 series router with a minimal configuration is most certainly not a firewall by any modern definition of the term. It can be made to do some of the things that firewalls do. For example, you can hide your LAN IP addresses with NAT, and you can restrict accessibility with access lists, but these are very very basic firewall functions. Most modern firewalls have stateful packet inspection and some kind of alert mechanism, which a straight-up Cisco router does not have. You can upgrade a Cisco router with the “IOS Firewall” software package to improve things somewhat.
Below is a list of the kinds of firewalls I’ve been in charge of managing. This is not meant to be a comprehensive list, so please don’t anybody get annoyed if I leave out your favorite.
A SonicWall is a fair “plug-it-in-and-go” firewall at a cheap price.
A Cisco PIX is a good firewall at a rather more expensive price.
A Sidewinder is a very good application firewall at a high price.
A Novell BorderManager is a firewall that is expensive and not as great, at least not since the last time I had to deal with one, which was about three years ago. They may have improved since then.
So are switches, bridges, gateways, and a bunch of other equipment. As a matter of fact, so is a cable
My point is what you said applies to all networking equipment, more or less.