Internet Security
Basic Firewall Information

Disclaimer

Network Tallahassee does NOT offer technical support for setting up firewalls or fixing incorrectly configured / misbehaving firewalls. The information below provides limited information about firewalls and some tips that may be of use to you. If the information here doesn't help you, you will need to contact the manufacturer of your firewall solution.

What is a firewall?

A firewall is a device or software that filters network traffic based on various criteria including IP addresses, protocols, ports, etc. Firewalls, when properly configured, can reduce the likelihood of computers and other network devices being attacked or hacked/hijacked by other people.

Generally speaking, there are two types of firewalls:

  • Hardware-based firewalls
    Hardware-based firewalls are firewalls that exist in network devices (including some DSL/Cable/ISDN modems and routers) and do not rely on software to run on any particular computers, other than software that may be used to upload configuration information into the hardware-based firewall. Because these firewalls reside on a network, they can be used to efficiently filter traffic for multiple machines. They also reduce the amount of "garbage" that may pass through the network trying to reach a particular computer.
  • Software-based firewalls
    Software-based firewalls are software applications that are installed on individual computers and, with the exception of proxy servers, protect only the computer they are installed on. Software-based firewalls are most frequently used by dial-up customers and home/small-office users because they're cheaper and often only needed on a single computer.

What is NAT firewalling?

NAT firewalling is a term that some people use to refer to a pseudo-firewall that works by obscuring the IP addresses of computers that are within a network connected to the internet through DSL/Cable/ISDN modem/routers. These modems/routers often have a public IP address on the WAN (internet side) of the router, but have a private IP (see RFC 1918 - Address Allocation for Private Internets for more information) on the LAN (local area network) side. The other computers on the LAN also have IP addresses within this same private IP address range. These NAT-configured routers typically prevent the outside world from communicating directly with devices/machines on the LAN unless the communications were actually initiated/established by the machines on the LAN. Machines on the public IP space of the internet are not able to distinguish machines behind NAT because they all appear to have the same public IP address that is actually assigned to the routing device. NAT references:
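To make the NAT behaviour described above concrete, here is a small simulator of a NAT router's translation table. This is an added example written for this page; it is not code from Network Tallahassee or from any router vendor. The addresses are assumptions taken from the RFC 5737 documentation ranges (WAN address 203.0.113.10, LAN 192.168.1.0/24), and packets are plain dictionaries. It shows why hosts on the public internet cannot tell LAN machines apart (every outbound flow leaves with the same public source address) and why an inbound packet that does not match a flow the LAN started is simply dropped.

```python
"""Toy stateful NAT (port-address translation) simulator.

Added example, not the page's own code. WAN_IP and LAN_NET are
constructed values from the RFC 5737 documentation ranges.
"""
import ipaddress
from dataclasses import dataclass, field

WAN_IP = "203.0.113.10"                               # assumed public address of the router
LAN_NET = ipaddress.ip_network("192.168.1.0/24")      # assumed RFC 1918 range on the LAN side


@dataclass
class Nat:
    next_port: int = 40000
    # outbound flow key (proto, lan_ip, lan_port, remote_ip, remote_port) -> public port
    out_table: dict = field(default_factory=dict)
    # inbound key (proto, public port, remote_ip, remote_port) -> (lan_ip, lan_port)
    in_table: dict = field(default_factory=dict)

    def outbound(self, pkt):
        """Translate a packet leaving the LAN; returns None if the source is not on the LAN."""
        if ipaddress.ip_address(pkt["src"]) not in LAN_NET:
            return None
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        public_port = self.out_table.get(key)
        if public_port is None:
            # First packet of a new flow: allocate a public port and remember the mapping
            public_port = self.next_port
            self.next_port += 1
            self.out_table[key] = public_port
            self.in_table[(pkt["proto"], public_port, pkt["dst"], pkt["dport"])] = (
                pkt["src"], pkt["sport"])
        # Every LAN host leaves with the same public source address
        return {**pkt, "src": WAN_IP, "sport": public_port}

    def inbound(self, pkt):
        """Translate a packet arriving from the internet; None means it is dropped."""
        key = (pkt["proto"], pkt["dport"], pkt["src"], pkt["sport"])
        entry = self.in_table.get(key)
        if entry is None:
            return None  # unsolicited: no LAN machine started this flow
        lan_ip, lan_port = entry
        return {**pkt, "dst": lan_ip, "dport": lan_port}


def demo():
    """Two LAN hosts browse the same web server; a third party probes port 3389."""
    nat = Nat()
    a = nat.outbound({"proto": "tcp", "src": "192.168.1.20", "sport": 51000,
                      "dst": "198.51.100.5", "dport": 80})
    b = nat.outbound({"proto": "tcp", "src": "192.168.1.21", "sport": 51000,
                      "dst": "198.51.100.5", "dport": 80})
    reply = nat.inbound({"proto": "tcp", "src": "198.51.100.5", "sport": 80,
                         "dst": WAN_IP, "dport": a["sport"]})
    probe = nat.inbound({"proto": "tcp", "src": "198.51.100.9", "sport": 12345,
                         "dst": WAN_IP, "dport": 3389})
    return a, b, reply, probe


if __name__ == "__main__":
    for label, pkt in zip(("host A out", "host B out", "reply to A", "probe"), demo()):
        print(f"{label:12s} -> {pkt}")
```

In the demo both LAN hosts appear on the internet as 203.0.113.10 and differ only by the public port the router assigned, the server's reply is mapped back to host A, and the unsolicited probe to port 3389 has no table entry and is dropped. Real routers also age entries out of the table and track TCP state, which this toy omits.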

Where can I get a firewall?

Here are some common software-based firewall applications (not listed in any particular order):

NOTE: Windows Firewall (previously named Internet Connection Firewall) is included with Windows XP and Windows Server 2003. When Service Pack 2 for Windows XP was released in the Summer of 2004 (and subsequently, Service Pack 1 for Windows Server 2003 in Spring of 2005), the Internet Connection Firewall was enhanced, renamed to Windows Firewall, and was enabled by default in Windows XP. See these Microsoft documents:

Understanding Windows Firewall (Windows XP)
Help: Windows Firewall (Windows XP / Windows Server 2003)
Windows Firewall Operations Guide (Windows Server 2003)

It's generally not a good idea to run more than one firewall application on a single computer; they may interfere with one another and cause unpredictable behavior.

Some higher-end DSL/Cable/ISDN modems and many routers have built-in firewalls that filter connections before they reach your computer (often eliminating the need for software-based firewalls on computers that are connected to the internet via a DSL/Cable/ISDN modem/router). Refer to your hardware documentation (or website) for information.

What ports should I leave open?

Many firewalls are configured by default with certain TCP and/or UDP ports open for OUTBOUND connections (connections that are initiated by your computer). The listing below contains some common ports and their use (port number, port type (TCP and/or UDP), purpose/usage). This list does NOT mean you should assume you need to leave all of them open! The following link should be referenced as a "master" list:
Port Numbers (IANA--Internet Assigned Numbers Authority)

  • 80 - TCP - World Wide Web (HTTP) -- example: http://www.google.com
  • 443 - TCP - HTTP protocol over SSL (HTTPS) -- example: https://www.abcxyzbank.com/login
  • 25 - TCP - Simple Mail Transport Protocol (SMTP) -- used for sending mail through an SMTP server
  • 110 - TCP - Post Office Protocol version 3 (POP3) -- used for retrieving mail from a POP3 server
  • 3389 - TCP - Remote Desktop Protocol (terminal services, Remote Assistance) -- See this: Frequently Asked Questions About Remote Desktop
  • 53 - UDP/TCP - Domain Name System (DNS) -- required for your computer to "resolve" names like "support.nettally.com" into computer-usable IP addresses
  • 20, 21 - TCP - File Transfer Protocol (FTP) -- used for transferring files back and forth between computers on the internet -- example: ftp://ftp.mywebsite.com
  • 23 - TCP - Telnet -- used to interactively log into systems that support terminal sessions
  • 22 - TCP - SSH Remote Login Protocol -- used to interactively log into systems that support terminal sessions via encrypted authentication
  • 8080 - TCP - HTTP Alternate (see port 80) -- sometimes used on some web servers for special/alternate websites
  • 123 - UDP - Network Time Protocol (NTP) / Simple Network Time Protocol (SNTP) -- used for time synchronization
Some firewalls also block one or more types of ICMP traffic, which the ping and traceroute utilities rely on (both are very useful for diagnosing network problems).

Does Network Tallahassee have a firewall?

Network Tallahassee does perform limited firewalling in our border router that connects our network (and customers) to the outside world. Virtually all of the firewalling at this level is to prevent attacks and other forms of unauthorized access to our servers and network equipment.
We do NOT filter traffic to/from our customers with the following exceptions:

  • We DO block RFC 1918 traffic at multiple levels within the network. This has no adverse effects on our network or our customers. See RFC 1918 - Address Allocation for Private Internets for more information. The three IP address ranges associated with this are:
    10.0.0.0 - 10.255.255.255 (10/8 prefix)
    172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
    192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
  • We DO occasionally filter certain TCP and/or UDP ports to a limited extent that are associated with specific attacks and/or viruses. An example is a limited block on TCP ports 5554, 9995, and 9996 that the Sasser worm used for propagating itself across the internet.
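The two filtering policies on this page, the border-router rules just described (drop anything carrying an RFC 1918 source or destination, and drop the three TCP ports the Sasser worm used) and the customer-side idea from the "What ports should I leave open?" section (allow outbound connections only on the ports you actually use), can both be expressed as a short ordered rule set. The example below is added for illustration and is not Network Tallahassee's configuration or any product's code; its sample traffic is constructed, using addresses from the RFC 5737 documentation ranges, and the outbound allow-list is simply the page's port list. It runs the border rules first and the host rules second, the order the traffic would actually meet them.

```python
"""Toy stateless packet filter covering the page's two policies.

Added example, not the ISP's or any vendor's code. Sample packets and
addresses are constructed (RFC 5737 documentation ranges).
"""
import ipaddress
from collections import Counter
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int]  # None for ICMP
    direction: str        # "out" = initiated by the customer host, "in" = from the internet


# Border-router policy (from the page): RFC 1918 ranges and the Sasser ports
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WORM_PORTS = {5554, 9995, 9996}

# Customer-host policy: outbound-only allow-list built from the page's port list
OUTBOUND_ALLOW = {
    "tcp": {80, 443, 25, 110, 3389, 53, 20, 21, 23, 22, 8080},
    "udp": {53, 123},
}


def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def border_verdict(pkt: Packet) -> str:
    """Rules the ISP border router applies to everyone, in order."""
    if is_rfc1918(pkt.src) or is_rfc1918(pkt.dst):
        return "drop:rfc1918"          # private addresses never belong on the public internet
    if pkt.proto == "tcp" and pkt.dport in WORM_PORTS:
        return "drop:worm-port"        # the limited Sasser block described on the page
    return "pass"


def host_verdict(pkt: Packet) -> str:
    """Rules a customer's own firewall applies: only outbound, only listed ports."""
    if pkt.proto == "icmp":
        return "pass" if pkt.direction == "out" else "drop:policy"
    if pkt.direction == "out" and pkt.dport in OUTBOUND_ALLOW.get(pkt.proto, ()):
        return "pass"
    return "drop:policy"               # includes every unsolicited inbound connection


def filter_traffic(packets):
    """Return (packet, verdict) pairs; border rules run before host rules."""
    results = []
    for p in packets:
        verdict = border_verdict(p)
        if verdict == "pass":
            verdict = host_verdict(p)
        results.append((p, verdict))
    return results


def summarize(results):
    """Count verdicts, the way a log review would tally drops per reason."""
    return dict(Counter(v for _, v in results))


# Constructed sample traffic for a customer host at 203.0.113.25
SAMPLE_TRAFFIC = [
    Packet("tcp", "203.0.113.25", "198.51.100.7", 443, "out"),    # HTTPS browsing
    Packet("udp", "203.0.113.25", "198.51.100.53", 53, "out"),    # DNS lookup
    Packet("tcp", "10.1.2.3", "203.0.113.25", 80, "in"),          # spoofed RFC 1918 source
    Packet("tcp", "198.51.100.9", "203.0.113.25", 5554, "in"),    # Sasser-era port
    Packet("tcp", "198.51.100.9", "203.0.113.25", 3389, "in"),    # unsolicited Remote Desktop
    Packet("tcp", "203.0.113.25", "198.51.100.7", 6667, "out"),   # port not on the allow-list
    Packet("icmp", "203.0.113.25", "198.51.100.7", None, "out"),  # outbound ping
]

if __name__ == "__main__":
    for pkt, verdict in filter_traffic(SAMPLE_TRAFFIC):
        print(f"{verdict:16s} {pkt.proto:4s} {pkt.src} -> {pkt.dst}:{pkt.dport} ({pkt.direction})")
    print(summarize(filter_traffic(SAMPLE_TRAFFIC)))
```

Note that port 3389 is on the allow-list and the inbound Remote Desktop attempt is still dropped: the list only permits connections your computer initiates, which is the distinction the "OUTBOUND connections" wording on this page is making. If you need to accept a connection from the outside, that is a separate inbound rule you add deliberately.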

Troubleshooting firewall configuration problems

If you're encountering problems with your firewall, you will need to consult the software's documentation and/or manufacturer for help. Troubleshooting information can typically be found in help files on your computer or in printed material that came with your firewall product. Information may also be available on the manufacturer's web site (typically in a Support section).
The following may be of help: