PDA

View Full Version : Free Firewall recommendations



Billy T
03-04-2014, 11:14 AM
Well, my longtime D-Link 504G NAT Router finally expired last night. The power supply gave up the ghost, so I plugged in a replacement and it still didn't work, so I hooked up the free Thomson TG585 V7 that Telecom sent me a few years back and got back into action (with WiFi disabled) much to the disgust of Billy Jnr who is temporarily back in town and wanted to use it with his iPhone and Mac Book, probably so he can wander around the estate using up my BW in places where I can't see him!.

The residual problem is that the old router had a firewall function (network address translation?) but when I ran Gibson's test the Thomson was wide open, so I'll need to add a software firewall.

So, I'm looking for recommendations for what is essentially a 'set-up and forget' (or preferably an 'auto-setup and forget' click your way through the options Free download'.

Any and all recommendations appreciated. It needs to be as fast and painless to set up as possible as I am submerged with work at present.

Cheers

Billy 8-{)

Webdevguy
03-04-2014, 11:23 AM
Well, my longtime D-Link 504G NAT Router finally expired last night. The power supply gave up the ghost, so I plugged in a replacement and it still didn't work, so I hooked up the free Thomson TG585 V7 that Telecom sent me a few years back and got back into action (with WiFi disabled) much to the disgust of Billy Jnr who is temporarily back in town and wanted to use it with his iPhone and Mac Book, probably so he can wander around the estate using up my BW in places where I can't see him!.

The residual problem is that the old router had a firewall function (network address translation?) but when I ran Gibson's test the Thomson was wide open, so I'll need to add a software firewall.

So, I'm looking for recommendations for what is essentially a 'set-up and forget' (or preferably an 'auto-setup and forget' click your way through the options Free download'.

Any and all recommendations appreciated. It needs to be as fast and painless to set up as possible as I am submerged with work at present.

Cheers

Billy 8-{)

Not sure if its free, but I use the Mac version of this which was the original version and it is the best thing since sliced bread.

Little Snitch for Windows (http://littlesnitchwindows.com)

It allows you to control network traffic.

Alex B
03-04-2014, 11:54 AM
Unless you want to become a DNS relay and wonder where all your data has gone, you need a firewall at the gateway, not at the endpoint device. You will have a hard time finding a router that doesn't have a built in firewall. Have you checked it isn't just turned off on the Thompson?

NAT and Firewall are different things, all routers do NAT, it's what a router does.

1101
03-04-2014, 12:12 PM
but when I ran Gibson's test the Thomson was wide open, so I'll need to add a software firewall.


What do you class as wide open ? every port or just a few open ports ?
One could be the back door that Telecom has in some of their modems : not a conspiracy btw :thumbs:
Or as mentioned, could be a setting ... check DMZ, ports opened for gaming, remote access, p2p/torrenting etc


Just get a well known brand modem router & it will be as safe as the other billion or so routers in everyday use.
Preferably not a Dlink or Belkin (just generalizing)

Agent_24
03-04-2014, 01:06 PM
I've not used the Thomson TG585 V7 but I have used an ST536 v6 and now the VDSL one, and both of those block all inbound by default, I think you have got some settings wrong in your TG585, because practically all the modern routers have a firewall inbuilt.

Check the instructions for changing firewall settings in the TG585 here: http://help.telecom.co.nz/app/answers/detail/a_id/15998

Chilling_Silence
03-04-2014, 03:09 PM
Yeah the NAT is sufficient, nothing will be reaching your PC unless you're explicitly port-forwarding it. The router will be responding differently, but it doesn't mean you're actually more vulnerable now.

The Gibson GRC test may show you're "wide open" but it's not you that's wide open, it's your router. Even then, it's not wide open, it's just not behaving in the same "super secret" manner, compared to your last one, it's still secure.

That said, when you run into issues with the Technicolor dropping out, get yourself the DrayTek DV2760n. It's VDSL2 compatible so is future-proofed, and it's an incredibly solid piece of kit. I would suggest the DV130 and a wireless AP running Gargoyle, but you strike me as more of a "Don't care, just give me an all in one that's going to be reliable" sort of bloke.

If I was you, I wouldn't bother with a firewall on your PC if you've never had one until now, just coz you're changing routers...

Billy T
03-04-2014, 06:10 PM
Well, I'm in via the web interface and it is saying that the firewall is turned off, but I can't progress anyway because apparently I need to have a password. That is a bummer because I didn't enter any password or logon, the whole process was run from the CD and I was watching it the whole time. To make any change I'd probably have to do a full reset and start again. I've dug a little deeper and the config page give only three options Open, Block all outgoing, Block all incoming.

What the hell is the use of that?? I'm beginning to understand the angst that was flowing way back when Telecom first distributed these Thomson @#$%$#@. I'm not sure what it was all about, but I do recall that they were not popular which is why I simply left mine on the shelf until last night when the D-Link expired. I'm thinking I'll have a go at fixing it, I've repaired the power supply already so I'll see what ails the router but if I can't fix it, I'll buy a replacement.

Cheers

Billy 8-{) :(

CliveM
03-04-2014, 07:13 PM
Try 'Admin' for the user and also the password. The password may also be blank.

Bryan
03-04-2014, 07:14 PM
Any chance of right clicking on what ever and run as administrator. usually the password is blank.

Agent_24
03-04-2014, 07:14 PM
You want "Block all incoming" - that (naturally) blocks all incoming connections - unless your computer asked for them (or you have certain ports opened manually, or have UPnP enabled and are running a program which uses it) Maybe a strange way of labeling it, but that's how it is.

As for the password, if you didn't set one, it should be the default, which AFAIK is either nothing (just press enter), or 'admin' or 'password', although the CD you ran may have set it to something else, I don't know, I never used those setup CDs, they're more trouble than they're worth, I always do the setup manually.

As for your D-Link I wouldn't be surprised if the capacitors have gone high ESR, they're not known to use top quality ones.

Alex B
03-04-2014, 11:15 PM
The 504G doesn't even support ADSL2, scrap it it's past it's prime.

Greg
04-04-2014, 12:22 AM
Just interested to know on a slightly related matter... if I access the Internet by tethering my mobile wirelessly to my pc, do I need any extra firewall to what's built into Win 8.1?

Agent_24
04-04-2014, 09:15 AM
Just interested to know on a slightly related matter... if I access the Internet by tethering my mobile wirelessly to my pc, do I need any extra firewall to what's built into Win 8.1?

Depends on your level of paranoia.

Chilling_Silence
04-04-2014, 09:47 AM
Technically the Cellphone does the NAT, which is the same as your bog standard DSL router, so you'd only really want one to stop outgoing stuff.

Billy T
04-04-2014, 05:48 PM
The 504G doesn't even support ADSL2, scrap it it's past it's prime.

Old perhaps, but not entirely past its prime, yet.:D I've repaired the power supply (took about 15 minutes) and the Router (add another 30) and I'm going to try it again. At present the Thomson is giving me download speeds between 4 & 6Mb, and 800-900kb upload. That is not noticeably faster than the D-Link. I will buy a new router in due course but I'll do some research first to make sure it is not a drama to set up and run. For some reason the Thomson seems to have killed my wife's Gmail logon, it was OK yesterday and NBG today. There were two or three other consequential interventions and failures, but nothing that didn't fix itself or I couldn't rectify. For example I couldn't forward an email from Xtra to Gmail for some time, it popped up some error messages, then somehow or other the error message went away and all was sweet.

Before anybody asks, yes, my adsl incoming is on a dedicated line with a proper Telecom filter/splitter at the point of entry and a separate adsl feed all the way to a terminal box in my office (a proper job, not a half-arsed lashup) and the incoming is shared only with my business phone line.

Recommendations for a new router that offers a sweatless plug and play upgrade would be appreciated and acted upon in due course.

Cheers

Billy 8-{) :)

Chilling_Silence
05-04-2014, 12:10 AM
DrayTek DV2760n is your friend then :) No dramas! Coz you're with Telecom I don't even think you have to set the VCI / VPI, they're pre-set for NZ, and Telecom do port-based authentication so no username / password required... Just plug it in and you're away laughing!