Discussion in 'Tomato Firmware' started by rizsher, Mar 24, 2009.

  rizsher

    rizsher Network Guru Member

    Have done a bit of googling and couldn't quite get the answer.

    I've got Tomato 1.23 with the firewall enabled, and have done some port forwarding (specific ports to an Asterisk server, some to point to the web servers of a couple of NAS boxes/Sipura ATAs I have, etc.).

    With this setup, is there any need to have a soft firewall on my PC(s)?

  phuque99

    phuque99 LI Guru Member

    No, you don't. NAT prevents any external Internet IP from reaching your PC unless you explicitly open ports on the router. A "soft" firewall can be enabled to block attacks from machines within your network.

  rizsher

    rizsher Network Guru Member

    Even though I have forwarded certain ports to an internal PC address? I forgot to mention 5800 for VNC and 3389 for Remote Desktop.

    Also, I use the PiaF flavour of the Asterisk distribution, and that comes pre-installed with Fail2Ban; every day I see emails about IP addresses Fail2Ban has banned.

  bripab007

    bripab007 Network Guru Member

    I would not use that default port value for Remote Desktop.

  ifican

    ifican Network Guru Member

    You can never have too much prevention; however, you can have so much prevention that your system becomes unusable. There is a fine line between a hassle to use and good security.

    I would absolutely recommend a software firewall on the machine, and if you want to be a good net surfer you set it up to allow 80 and 443 outbound but nothing else unless you specifically set it to. The problem with most host-based firewalls is that they deny all incoming, which is good, but they allow all outgoing, which is bad. If your machine gets compromised and initiates an outbound connection on a random port, your Tomato box is going to allow it (it permits all outgoing by default) and your host-based firewall will as well.

    Your Tomato box is a little harder to manage, where a host-based firewall is not. Now, if you are going to manage your Tomato firewall in a secure manner, I would argue that you do not need a host-based firewall. But since iptables is out of the question for most, host-based is a much easier and viable solution. Then again, if you are going to employ a host-based firewall and not restrict outgoing whatsoever, then there really is no need for one, is there?

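    The outbound policy described above (allow 80 and 443 out, nothing else) can be done on the router itself with iptables. The script below is an added example, not code from this thread or from the Tomato project; it is the kind of thing one would paste into Administration > Scripts > Firewall on a Tomato router, which runs after the stock rules are loaded. It assumes (hypothetically) that the LAN bridge is br0, that the Asterisk box sits at 192.168.1.10 and must be exempted because SIP and RTP use ports other than 80/443, and that LAN clients resolve DNS against the router's own dnsmasq, so no forwarded UDP/53 rule is needed. By default it only prints the rules for review; set APPLY=1 to load them.

```shell
#!/bin/sh
# Added example, not from the thread or from Tomato itself.
# Restrict LAN -> WAN traffic on the router to a short list of TCP ports,
# the "80 and 443 out, nothing else" policy, with exemptions for hosts that
# legitimately need more (the Asterisk server). Adjust the assumptions below.

LAN_IF="${LAN_IF:-br0}"                       # assumption: Tomato LAN bridge
ALLOWED_TCP="${ALLOWED_TCP:-80 443}"          # new outbound TCP allowed from PCs
EXEMPT_HOSTS="${EXEMPT_HOSTS:-192.168.1.10}"  # assumption: hypothetical Asterisk box
CHAIN="lan_out"

# emit_rules prints the iptables commands instead of running them, so the
# policy can be reviewed (and tested) before it is applied with "emit_rules | sh".
emit_rules() {
    # Fresh user chain; "2>/dev/null" keeps -N quiet when the script re-runs.
    echo "iptables -N $CHAIN 2>/dev/null"
    echo "iptables -F $CHAIN"
    # Hosts that need unrestricted outbound skip the filter and fall back to
    # Tomato's own FORWARD rules, which accept LAN-to-WAN traffic.
    for h in $EXEMPT_HOSTS; do
        echo "iptables -A $CHAIN -s $h -j RETURN"
    done
    # Packets of a connection already accepted (including replies to inbound
    # port forwards) pass; this is the state tracking the router already does.
    echo "iptables -A $CHAIN -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Only new connections to the listed TCP ports may start.
    for p in $ALLOWED_TCP; do
        echo "iptables -A $CHAIN -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Everything else is logged (rate limited, the log lives in RAM) and dropped.
    # A compromised PC "phoning home" on a random port ends up here.
    echo "iptables -A $CHAIN -m limit --limit 5/min -j LOG --log-prefix \"LAN_OUT_DROP: \""
    echo "iptables -A $CHAIN -j DROP"
    # Hook the chain at the head of FORWARD so it runs before Tomato's accept
    # rule. Delete any old copy first so re-running does not stack duplicates.
    # "! -o br0" matches anything leaving the LAN, whatever the WAN interface is.
    echo "iptables -D FORWARD -i $LAN_IF ! -o $LAN_IF -j $CHAIN 2>/dev/null"
    echo "iptables -I FORWARD -i $LAN_IF ! -o $LAN_IF -j $CHAIN"
}

# permits_port reports whether a TCP port may open a new outbound connection
# under the generated policy (exit 0 = allowed, 1 = dropped).
permits_port() {
    emit_rules | grep -q -- "--dport $1 -m state --state NEW -j ACCEPT"
}

# Dry run by default: print the rules. APPLY=1 loads them on the router.
if [ "${APPLY:-0}" = 1 ]; then
    emit_rules | sh
else
    emit_rules
fi
```

    Inbound forwards (the VNC, Remote Desktop and Asterisk ports mentioned earlier) keep working, because the PC's reply packets match the ESTABLISHED rule; only connections the LAN side tries to start are filtered. Anything a PC needs beyond 80/443 (an external DNS server, NTP, a mail client) has to be added to ALLOWED_TCP or handled with another rule, which is the "hassle to use" trade-off the post describes.
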
  mstombs

    mstombs Network Guru Member

    Yes, you need a software firewall on your PC to manage internet connections initiated by potentially bad things running on your PC. The router allows any replies to connections initiated from your PC. You will also find out how many apps on a standard Windows install 'phone home' when started up.
