The SPI firewall will keep hackers who are randomly trying IPs out. But keep in mind, when you go to a web page, any web page, you have invited them in. Thats where the firewall on your PC takes over. _________________
A good hardware firewall will have both NAT and SPI. NAT is Network Address Translation. SPI is Stateful Packet Inspection. NAT changes the IP Address of your computer from a public one to a private one. NAT will also hide the “ports” your computer uses to communicate over the Internet. This takes your computer out of the public view and makes it harder for hackers to find your computer. SPI inspects each bit of information that your computer receives from the Internet to insure that it is addressed to your computer. Hackers and Worms will send out general broadcasts and see if they can get someone to respond. Once they respond, the hacker or Worm will know how to reach your computer. Nat and SPI protect you from these types of attacks. It is very important for someone with an always-on (DSL or Cable) connection to have one of these.
Software Firewall
Software firewalls have improved over time to become almost as good as a hardware firewall. A software firewall does not usually have a NAT interface. However, a good software firewall will have SPI and will hide your ports from the Internet. To do this it will also prevent you from sharing files and printers on your network. If you have two or more computers and share files between them, it is hard to setup a software firewall, not only protect you from the Internet, but to allow you to share files and printers. Windows XP® does have a software firewall included. Windows XP® software firewall does not have SPI, but can be configured easily for file and print sharing. I should also mention that setting up gaming with a firewall is not always easy. You do have to open ports that will remain open after you have finished gaming. This does leave you open for hackers.
Good post PLUG. I would add that anyone needing to leave ports open for special services should use VPN connections to protect their network from hackers. _________________ Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531
A good hardware firewall will have both NAT and SPI. NAT is Network Address Translation. SPI is Stateful Packet Inspection. NAT changes the IP Address of your computer from a public one to a private one. NAT will also hide the “ports” your computer uses to communicate over the Internet. This takes your computer out of the public view and makes it harder for hackers to find your computer. SPI inspects each bit of information that your computer receives from the Internet to insure that it is addressed to your computer. Hackers and Worms will send out general broadcasts and see if they can get someone to respond. Once they respond, the hacker or Worm will know how to reach your computer. Nat and SPI protect you from these types of attacks. It is very important for someone with an always-on (DSL or Cable) connection to have one of these.
Software Firewall
Software firewalls have improved over time to become almost as good as a hardware firewall. A software firewall does not usually have a NAT interface. However, a good software firewall will have SPI and will hide your ports from the Internet. To do this it will also prevent you from sharing files and printers on your network. If you have two or more computers and share files between them, it is hard to setup a software firewall, not only protect you from the Internet, but to allow you to share files and printers. Windows XP® does have a software firewall included. Windows XP® software firewall does not have SPI, but can be configured easily for file and print sharing. I should also mention that setting up gaming with a firewall is not always easy. You do have to open ports that will remain open after you have finished gaming. This does leave you open for hackers.
thanks for the info!! I don't think dd-wrt has nat though, i only see spi...
does this mean i should get a pc firewall? you seem to know your stuff, what do you recommend?
id really like to to avoid isntalling another firewall, but it leaves me significantly more vulnerable...
By default, DD-WRT will do NAT between WAN and LAN.
NAT is not really a firewall, or shall I say firewall is not the intended purpose of NAT. Security is just an inherent side effect of the technology.
If your PC gets infected, hardware firewall probably won't do any good. Software firewall is more useful for blocking outbound traffic, which dd-wrt does NOT do by default.