Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Do I need a router with Mac and these firewall settings?


  • Please log in to reply
10 replies to this topic

#1 Gramek

Gramek

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:36 PM

Posted 08 January 2017 - 09:08 AM

I am single home user in one apartment with no other users, living apartment block house with over hundred apartments.

I have cable internet and one modem.

 

Mac firewall has "block all incoming connections" and "enable stealth mode" enabled. All sharing services are disabled.

Do I need a router? All ports are disabled with these settings (I assume at least) so is router needed?


Edited by hamluis, 09 January 2017 - 08:22 AM.
Moved from External Hardware to Mac - Hamluis.


BC AdBot (Login to Remove)

 


#2 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 6,219 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:03:36 PM

Posted 08 January 2017 - 04:57 PM

First of all - welcome to BC !

 

If I understand you correctly you are using ethernet to connect to the modem since you only need a router if you want to use wifi. So, so long as you are happy connecting by ethernet then you don't need a router.

 

 

"block all incoming connections"

 

However this doesn't sound  right. If all incoming connectiions are blocked I would have thought this would imply that nothing gets in to your computer at all. You might find it useful to start a new topic in either the networking or the Mac OS sections of BC for clarification on this point.

 

Chris Cosgrove



#3 Gramek

Gramek
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:36 PM

Posted 09 January 2017 - 06:50 AM

First of all - welcome to BC !

 

If I understand you correctly you are using ethernet to connect to the modem since you only need a router if you want to use wifi. So, so long as you are happy connecting by ethernet then you don't need a router.

 

 

"block all incoming connections"

 

However this doesn't sound  right. If all incoming connectiions are blocked I would have thought this would imply that nothing gets in to your computer at all. You might find it useful to start a new topic in either the networking or the Mac OS sections of BC for clarification on this point.

 

Chris Cosgrove

 

Yes, ethernet cable to modem, modem to computer. Don't want Wi-Fi. :D So router is not needed for security?

 

All incoming connections means that:

https://support.apple.com/en-us/HT201642

Selecting the option to "Block all incoming connections" prevents all sharing services, such as File Sharing and Screen Sharing from receiving incoming connections. The system services that are still allowed to receive incoming connections are:

  • configd, which implements DHCP and other network configuration services
  • mDNSResponder, which implements Bonjour
  • racoon, which implements IPSec


#4 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 6,219 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:03:36 PM

Posted 09 January 2017 - 04:55 PM

OK, so I took an overly literal interpretation of the word 'all' !  Apple computers are not my thing !

 

But no, as far as I am aware there is nothing to be gained by you in getting a router since the ports that are open as you describe would still be open if you were using a router, it would merely add another layer of complexity to the signal path. But I could be wrong.

 

I live in the UK where almost everybody gets supplied with an integrated router/modem by their ISP and, in the area where I live, there is only one town which has cable so I have very little experience with that either !  Wait and see if anybody else has a different opinion.

 

Chris Cosgrove



#5 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:36 AM

Posted 11 January 2017 - 12:49 AM

If I understand you correctly you are using ethernet to connect to the modem since you only need a router if you want to use wifi. So, so long as you are happy connecting by ethernet then you don't need a router.


Not quite true.

A router (ignoring the wireless part for the moment...more on that in a second) serves two basic functions.

The primary function of a NAT (network address translation) router (which is what typical consumer level routers are) is to route an external IP address to various computers on the local network with local IP address, which then basically allows multiple computers (and other Internet connection devices in today's world) to connect to the Internet through one external IP address.

A secondary function then is to get a firewall effect. As I understand it, NAT routers are not true hardware firewalls in the traditional sense of a hardware firewall, but they do effectively behave as a type of firewall. They in effect "close" ports to external initiated Internet traffic, while still allow internally initiated traffic (i.e. if you go to a website, you are initiating the connection and then "two-way" traffic can ensue, but an outside source can not initiate a connection unless you tweak some of the router settings such a port forwarding or using a DMZ zone).

Now, in today's world, a typical "router" is actually a combination of several devices: the router function itself (this allows multiple Internet connected devices to access the Internet...i.e. it "routes" the connection), a network switch (gives the router multiple ethernet ports...original routers came with only one ethernet port and you provided an external switch), and a wireless access point (when WiFi was first released, you would get a separate wireless access point, but then routers started to come with them included as they are now...you can still get just "pure" wireless access points). Many routers also now come with printer servers (i.e. allow you to connect a USB printer to the router so that you can print over the network) and network attached storage functions (i.e. allow you to connect a USB hard drive to the router to allow you to access that hard drive over the network). You can also get routers that have "true" hardware firewalls included. And of course, you can now typically get modems (cable or DSL or Fiber) that include routers (with WiFi and multiple ethernet ports), which are typically then called "gateways" by ISPs.

As you noted in your additional post, many people now get a "residential gateway" (aka modem/router) from their ISP when they get Internet service. If one does, then there is no technical need to get a "third party" router, but some people (such as myself) due because the gateways from ISPs usually have weaknesses (in my case, the WiFi from the ISP provided gateway sucks) or "third party" routers might have more features.

In the case of the original poster, it sounds like they might just have a modem with no router function built in. If that is true AND the original poster ONLY wants/need to connect a single computer and is fine doing that by way of an ethernet cable, then the only potential reason to get a router would be the firewall function it can provide. Today's operating systems, however, do tend to provide rather good built-in software firewalls, so a router might not be needed...but it would somewhat depend on which version of the OS the person is running. Of course, there are also "third party" software firewalls for the Mac (as well as for Windows). I personally use NetBarrier from Intego on my Macs as it is easier to configure than the built-in macOS one (although the built-in one is more than powerful enough if using one of the newer maOS versions). And in my case, I also then have my router acting as a firewall too.

#6 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:36 AM

Posted 11 January 2017 - 01:01 AM

First of all - welcome to BC !
 
If I understand you correctly you are using ethernet to connect to the modem since you only need a router if you want to use wifi. So, so long as you are happy connecting by ethernet then you don't need a router.
 

"block all incoming connections"

 
However this doesn't sound  right. If all incoming connectiions are blocked I would have thought this would imply that nothing gets in to your computer at all. You might find it useful to start a new topic in either the networking or the Mac OS sections of BC for clarification on this point.
 
Chris Cosgrove

 
Yes, ethernet cable to modem, modem to computer. Don't want Wi-Fi. :D So router is not needed for security?
 
All incoming connections means that:
https://support.apple.com/en-us/HT201642
Selecting the option to "Block all incoming connections" prevents all sharing services, such as File Sharing and Screen Sharing from receiving incoming connections. The system services that are still allowed to receive incoming connections are:
  • configd, which implements DHCP and other network configuration services
  • mDNSResponder, which implements Bonjour
  • racoon, which implements IPSec

Which version of the macOS are you using? If it is a fairly recent one, then I would say that you don't need the additional firewall effect of a router unless you want some "redundancy" of having a second firewall in effect...or want some of the other benefits of a router (i.e. able to connect multiple devices to the router, have a WiFi network, potentially have a network attached printer or hard drive, etc). Personally, I like the added "layer" (so to speak) of security.

Of course, if you ever have the need to have more than one Internet connected device (whether another computer to other devices such as smart phones, Internet cameras, smart TVs, streaming devices, etc), then you will need a router (unless your modem has a built-in router function...how many ethernet ports are on the back of the modem?). This, of course, is the other reason why I have a router.

And even if you do get a router, then I tend to still recommend running a software firewall to be on the safe side. This is elevated to a level of a must if that computer is a laptop that you take to other locations and connection to other networks. If that computer is a laptop and it connected to other networks (i.e say you take it to a coffee shop or restaurant with WiFi), then a firewall is need to ensure that other people don't have easy access to your computer through the network.

#7 Gramek

Gramek
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:36 PM

Posted 11 January 2017 - 07:18 AM

 

 

First of all - welcome to BC !
 
If I understand you correctly you are using ethernet to connect to the modem since you only need a router if you want to use wifi. So, so long as you are happy connecting by ethernet then you don't need a router.
 

"block all incoming connections"

 
However this doesn't sound  right. If all incoming connectiions are blocked I would have thought this would imply that nothing gets in to your computer at all. You might find it useful to start a new topic in either the networking or the Mac OS sections of BC for clarification on this point.
 
Chris Cosgrove

 

 
Yes, ethernet cable to modem, modem to computer. Don't want Wi-Fi. :D So router is not needed for security?
 
All incoming connections means that:
https://support.apple.com/en-us/HT201642
Selecting the option to "Block all incoming connections" prevents all sharing services, such as File Sharing and Screen Sharing from receiving incoming connections. The system services that are still allowed to receive incoming connections are:
  • configd, which implements DHCP and other network configuration services
  • mDNSResponder, which implements Bonjour
  • racoon, which implements IPSec

Which version of the macOS are you using? If it is a fairly recent one, then I would say that you don't need the additional firewall effect of a router unless you want some "redundancy" of having a second firewall in effect...or want some of the other benefits of a router (i.e. able to connect multiple devices to the router, have a WiFi network, potentially have a network attached printer or hard drive, etc). Personally, I like the added "layer" (so to speak) of security.

Of course, if you ever have the need to have more than one Internet connected device (whether another computer to other devices such as smart phones, Internet cameras, smart TVs, streaming devices, etc), then you will need a router (unless your modem has a built-in router function...how many ethernet ports are on the back of the modem?). This, of course, is the other reason why I have a router.

And even if you do get a router, then I tend to still recommend running a software firewall to be on the safe side. This is elevated to a level of a must if that computer is a laptop that you take to other locations and connection to other networks. If that computer is a laptop and it connected to other networks (i.e say you take it to a coffee shop or restaurant with WiFi), then a firewall is need to ensure that other people don't have easy access to your computer through the network.

 

 

 

Hello and thank you for reply!

I use El Capitan with Mac Mini.

 

My modem only has 1 ethernet port. Though I doubt I need any other devices anytime soon.

 

So such home user with maxed up software firewall might not need router firewall?



#8 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:36 AM

Posted 11 January 2017 - 10:09 AM

Hello and thank you for reply!
I use El Capitan with Mac Mini.
 
My modem only has 1 ethernet port. Though I doubt I need any other devices anytime soon.
 
So such home user with maxed up software firewall might not need router firewall?


In that case, you have no need for a router as long as you have the software firewall built into El Capitan turned on.

#9 Gramek

Gramek
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:36 PM

Posted 12 January 2017 - 06:48 AM

 

Hello and thank you for reply!
I use El Capitan with Mac Mini.
 
My modem only has 1 ethernet port. Though I doubt I need any other devices anytime soon.
 
So such home user with maxed up software firewall might not need router firewall?


In that case, you have no need for a router as long as you have the software firewall built into El Capitan turned on.

 

 

Thank you for the advice!



#10 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:36 AM

Posted 13 January 2017 - 09:18 PM

Glad to help.

#11 sflatechguy

sflatechguy

  • BC Advisor
  • 2,179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:36 AM

Posted 15 January 2017 - 01:49 PM

Not to throw a spanner in the works, but you could look at a third-party software firewall for your Mac. The native Mac OS firewall is good, but not very effective. We have a number of Mac users where I work, and we recently implemented ESET Endpoint on them rather than rely on the native Mac firewall. We were dumbfounded by the number of potentially dangerous connections the Mac firewall was allowing through unhindered, but which ESET blocked. In a corporate setting, the Mac firewall doesn't quite cut it.

 

That said, as long as you are careful about the types of sites you browse on the Internet and the sorts of applications you use, the Mac firewall should be good enough for home use.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users