# Really Basic Dumb Question I Cannot Find an Answer

## txykumat

I have this Gentoo laptop (not hardened) attached via a wifi router with an SPI firewall, or directly attached to a cable modem with an Ethernet cable. I set it up so that the VPN connection always starts when I boot up the laptop, and it only connects to the internet through the VPN. I was wondering if I need to have a firewall (hardware built from an old PC, bought, or a software one run on the Gentoo laptop) at all, because no matter what setup I do on my end, the GRC ShieldsUP! scan always shows the same port open and everything else closed, which I presume means that the VPN server facing the internet is firewalled.

Sorry for such a newbie question. I had my router SPI firewall on; I never thought of turning on the network filter in the kernel or installing any firewall on my Gentoo laptop.

Please direct me to a relevant forum thread dealing with it. Right now I am reading the wiki on firewalls.

PS.

I do own a small red box of a firewall appliance I got from RE PC for $10. But I could never get it to work with my VPN. Seems like I need some kind of subscription from SOHO.

----------

## NeddySeagoon

txykumat,

Your VPN is only as good as the far end of the pipe.

If there is a firewall there, that you have control over, that may be good enough.

If the far end is wide open to the world, all your VPN does is hide the IP address provided by your ISP.

Oh, it also provides encryption over your wifi, so that anyone getting access to your wifi cannot read your VPN traffic.

Nasty things can still come down the VPN to you.

-- edit --

The only dumb question is the one you never ask as you may never know the answer.

Be on the lookout for dumb answers though.

----------

## krinn

If you use some service to check if your ports are open while using the VPN, the service will catch the VPN IP as your IP is hidden behind it, and ALL the checks will be done against the VPN service.

What it means is that you will only get an answer about the security of the VPN provider, which you shouldn't really care about if you're not their admin.

In the meantime, your real internet IP exists and is working, and even if nobody can find it directly when you access them (they will see the VPN IP), it doesn't mean a random scanner cannot find your IP; and that's what you should really check: it doesn't mean your network doesn't have open ports and is secure.

So make no mistake on your security status, and re-think who (what IP) is being checked for security before feeling safe.

----------
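An added example (not part of any post in this thread) of a local check in the spirit of krinn's reply: rather than relying on an external scan that only sees the VPN exit IP, list what the laptop itself is listening on and on which addresses. It parses the Linux `/proc/net/tcp` format; the sample table is constructed, the function names are illustrative, and it assumes IPv4 TCP on a little-endian host.

```python
import socket
import struct
import sys

# Constructed sample in /proc/net/tcp format (not taken from the thread).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1111 1 0 0 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 2222 1 0 0 0
   2: 0208000A:9C40 010200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 3333 1 0 0 0
   3: 0208000A:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 4444 1 0 0 0
"""


def decode_addr(hex_addr):
    """'0100007F:0277' -> ('127.0.0.1', 631); assumes a little-endian host."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(table_text):
    """Return (ip, port, exposure) for each LISTEN socket, sorted by port."""
    found = []
    for line in table_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":  # 0A = TCP_LISTEN
            continue
        ip, port = decode_addr(fields[1])
        if ip == "0.0.0.0":
            exposure = "all-interfaces"   # reachable via LAN, real IP and VPN tunnel
        elif ip.startswith("127."):
            exposure = "loopback"         # not reachable from the network
        else:
            exposure = "single-address"   # reachable only via that address
        found.append((ip, port, exposure))
    return sorted(found, key=lambda row: row[1])


if __name__ == "__main__":
    # Pass "live" to read this machine's table instead of the sample.
    live = sys.argv[1:] == ["live"]
    text = open("/proc/net/tcp").read() if live else SAMPLE
    for ip, port, exposure in listening_sockets(text):
        print(f"{ip}:{port}  {exposure}")
```

Sockets reported as `all-interfaces` are the ones a local firewall rule would have to cover, since they answer on the VPN tunnel as well as on the LAN side.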

## txykumat

Thank you very much for your input. I appreciate them all.

----------

