a reason for firewalls??


gnoochi
10-15-2001, 06:06 AM
Hi guys,

another *basic* question.

i hv bn told that ISP's don't like ppl connecting multiple pc's on the one IP address .. and before you even start considering hooking up your private network, you SHOULD firewall your gateway.

i hv bn reading a few articles online, and i wanted to know if ONE of the reasons for a firewall is to make it "appear" that you don't have a firewall. so essentially, you set up a firewall, that will not "reject" all requests for ports <1024, instead "deny" them, so the requesting computer will not be aware that the port is unreachable.

according to this article:

"It is possible to make your system look like it has not got a firewall, at least on first inspection. Use REJECT for all UDP, and for TCP, implement a means of sending reset packets, for example with return-rst. Other protocols should be DENYed" (from http://www.logi.cc/linux/reject_or_deny.php3)


ANOTHER QUESTION:

is it true that if you hv multiple pc's using the one IP without a firewall, and that IP is ping-ed, the ping-ing computer will receive a reply from *all* the pc's located at that IP.

someone told me this, but i can't understand how it could be. i suppose you could always check the ARP table to see the MAC addresses.

but is there truth or logic to this?

thanks ..

Dagda
10-15-2001, 09:25 AM
> ANOTHER QUESTION:
>
> is it true that if you hv multiple pc's using the one IP without a firewall, and that IP is ping-ed, the ping-ing computer will receive a reply from *all* the pc's located at that IP.
>
> someone told me this, but i can't understand how it could be. i suppose you could always check the ARP table to see the MAC addresses.
>
> but is there truth or logic to this?
>
> thanks ..

> i hv bn told that ISP's don't like ppl connecting multiple pc's on the one IP address .. and before you even start considering hooking up your private network, you SHOULD firewall your gateway.

They don't like it because they are losing money. But I only know of 1 ISP that has something about that in their T&Cs, and that's Sprint. And you should have a firewall; also, I don't think it matters if people know you have a firewall.

solo
10-15-2001, 10:33 AM
It's not so much the firewall that you want to be invisible. Configured properly, the firewall can make your computer invisible from the internet. This is desirable because, simply put, no one can attack, or even scan, your computer if it's not seen.

Okie
10-15-2001, 12:00 PM
the only reason i use a firewall is to keep crackers\cyber criminals and just idiot scriptkiddies out of my computer, there is nothing that could be exploited for their personal and financial gain, and i do not want my computer used for a DDoS attack (are you familiar with zombie computers?)

if there were no criminal elements on the internet i would get rid of my firewall and let anyone in to download software & mp3s for free!!!

no nags, no ads, no need to register...

slacker_x
10-15-2001, 01:13 PM
If you are doing NAT for a bunch of computers on your LAN and your firewall gets pinged, only the firewall will reply, because the destination of the packet is the firewall and it isn't related to another connection, so it won't get forwarded to an internal computer.
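
The behaviour described in the post above, as an added Python sketch that is not part of the original thread: a toy NAT gateway remembers flows started from the LAN and forwards only replies that match one, so an unsolicited ping to the public address gets a single answer from the gateway itself. The class, the addresses (documentation and private ranges) and the simplified ICMP matching on (remote IP, echo id) are assumptions for illustration.

```python
# Added illustration, not code from the thread. All addresses are constructed.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"   # the single address assigned by the ISP (constructed)


@dataclass
class NatGateway:
    public_ip: str = PUBLIC_IP
    # State table: (remote_ip, echo_id) -> LAN host that started the exchange.
    table: dict = field(default_factory=dict)

    def outbound_ping(self, lan_host, remote_ip, echo_id):
        """A LAN host pings out: record the flow and rewrite the source address."""
        self.table[(remote_ip, echo_id)] = lan_host
        return {"src": self.public_ip, "dst": remote_ip,
                "type": "echo-request", "id": echo_id}

    def inbound(self, pkt):
        """Decide what happens to a packet arriving on the internet side.

        Returns (host_that_handles_it, action).
        """
        if pkt["dst"] != self.public_ip:
            return (None, "not-ours")
        flow = (pkt["src"], pkt["id"])
        if pkt["type"] == "echo-reply" and flow in self.table:
            # Related to a connection a LAN host opened: translate and forward.
            return (self.table[flow], "forwarded")
        if pkt["type"] == "echo-request":
            # Addressed to the gateway and related to nothing: the gateway
            # answers on its own; no internal PC ever sees the packet.
            return (self.public_ip, "gateway-replies")
        return (self.public_ip, "dropped-unsolicited")


def demo():
    gw = NatGateway()
    gw.outbound_ping("192.168.1.20", "198.51.100.7", echo_id=42)
    solicited = {"src": "198.51.100.7", "dst": PUBLIC_IP, "type": "echo-reply", "id": 42}
    stranger = {"src": "198.51.100.99", "dst": PUBLIC_IP, "type": "echo-request", "id": 1}
    spoofed = {"src": "198.51.100.99", "dst": PUBLIC_IP, "type": "echo-reply", "id": 42}
    return [gw.inbound(p) for p in (solicited, stranger, spoofed)]


if __name__ == "__main__":
    for result in demo():
        print(result)
```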