IT Help: Broadband router firewall question

Discussion in 'The Pub' at netrider.net.au started by robsalvv, Aug 5, 2007.

  1. My learned mate, Port80, told me that my broadband router had a firewall... so I went off to investigate and he's right.

    I called up my router's web page (the router is a Thomson Speed Touch 585) and navigated to the firewall bit...

    The firewall is currently set to "disabled" but has two other settings - standard and block all.



    "Block all" appears to shut the gate on all internet traffic.
    The standard setting is a bit unclear.
    :? Would some kind soul give me a clearer description. If all incoming traffic is blocked how can you surf???


    By the way, I've converted to Firefox... I'm liking it. :grin:
     
  2. The 3mb PDF manual is here http://www.thomsontelecompartner.com/getfile.php?id=3667

    I have a Netgear so can't help but to say I have mine set to a medium level and I use a software FW as well.

    Edit: Curiosity got the better of me and I had a look at the manual and it tells you nothing! POS
    So I surf over to whirlpool and do a SEARCH there.
    Nothing directly related to your question but there may be some info if you can be bothered to look.

    Cheers,
    Chris.
     
  3. Can be hard to explain.........

    But the safest thing to do is find a setting that turns everything OFF, then turn on the ports you want to allow. (M$ by default has always allowed everything, making the user block off the nasty stuff, that makes it real easy for the bad guys)

    Basic ports you will probably want to allow are :80 (basic web) :8080 (proxied web) :21 (smtp mail) :110 (pop3 mail) and maybe :443 ("secure" web)

    After that it's pretty well program specific. As a paranoid sysadmin, I say "if in doubt, shut it out" But that might be too restrictive for home.

    IIRC, the linksys and Cisco sites have some tutorials that may help.

    In the end, if you have good anti-spyware and anti-virus running and UPDATED!! you should be OK.
     
  4. Ha, you overestimate me :)

    I do believe that the standard setting should be the best option. My understanding of this setting is that no external source can initiate a connection to your desktop PC. Although I'm guesstimating that the modem/router is performing NAT, which means that this would probably already be the case (more security through obscurity than anything).

    I would assume that this setting allows incoming connections that were initiated by a source inside your modem's local net. I haven't read the docs on your modem (or seen your network) so there's a bit of guessing going on.
     
  5. Whether you end up using the included firewall on the router or not I would definitely still use a host-based firewall (Comodo Personal Firewall seems to be one of the best ones I've seen for the Windows OS).
     
  6. SMTP is 25, FTP is 20 and 21. You will also need to check that your ISP uses 8080; most seem to be transparent these days.
     
  7. Use this option, and you'll be fine (unless you do anything outside the norm like have a game server or web server in your house).

    You'll have what's called a "stateful NAT" firewall, which essentially means it will monitor your requests that go out to the internet and allow the responses from the server you requested to come back into you. But if a server or PC tries to make a connection into you that you didn't request, it will disallow it.
     
  8. Thx guys.

    Appreciate you guys diving in.


    I've clicked on the configure link and there doesn't appear to be any way to set up which ports are allowed or disallowed... :? It's confusing. The Thomson info does suck! meh, the router came virtually free with aapt... wireless plus four ports for next to nix...


    Thanks for that simple explanation Mouth :) . I'll go with "standard" and see what happens.

    The router has a security log that you can check - so I'll occasionally have a look at that and see how my little setup is faring.


    Cheers! :)


    ...the education continues...
     
  9. but that spoils all the fun for teh haxxors :LOL:
     
  10. When setting up a home firewall you don't need to specifically allow the standard ports (80, 21, 25 etc.) unless you want to provide those services to others. When you initiate a connection from behind the firewall it will allow responses to reach you.

    You should close any ports that you don't need, especially if you are using an older version of Windows.
     
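Added example (not part of any post in the thread, and not Thomson's firmware logic): a small Python model of the connection tracking described in posts 7 and 10, showing why the "standard" setting still lets you surf while refusing connections you did not request. The class name, the LAN prefix and the meaning given to each of the three settings are assumptions based on how the thread describes them, and NAT address rewriting is left out to keep the model short.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class RouterFirewall:
    """Toy model of the settings named in the thread (assumed semantics)."""
    MODES = ("disabled", "standard", "block_all")

    def __init__(self, mode, lan_prefix="192.168.1."):  # LAN range is assumed
        if mode not in self.MODES:
            raise ValueError(f"unknown mode: {mode}")
        self.mode = mode
        self.lan_prefix = lan_prefix
        self.expected_replies = set()  # connection-tracking table

    def allow(self, p):
        if self.mode == "disabled":
            return True            # everything passes
        if self.mode == "block_all":
            return False           # nothing passes, so no surfing either
        if p.src.startswith(self.lan_prefix):
            # Outbound: pass it and remember the reply to expect.
            self.expected_replies.add((p.proto, p.dst, p.dport, p.src, p.sport))
            return True
        # Inbound: pass only if it answers a connection started from inside.
        return (p.proto, p.src, p.sport, p.dst, p.dport) in self.expected_replies

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [
    Packet("tcp", "192.168.1.20", 50000, "203.0.113.10", 80),   # PC requests a web page
    Packet("tcp", "203.0.113.10", 80, "192.168.1.20", 50000),   # server's response
    Packet("tcp", "198.51.100.7", 40000, "192.168.1.20", 445),  # unrequested inbound
    Packet("tcp", "203.0.113.10", 80, "192.168.1.20", 50001),   # known server, no matching request
]

def run(mode):
    fw = RouterFirewall(mode)
    return [fw.allow(p) for p in SAMPLE]

if __name__ == "__main__":
    for mode in RouterFirewall.MODES:
        print(mode, run(mode))
```

The last sample packet is refused under "standard" even though it comes from a server the PC has already talked to, because the match is on the whole connection (addresses and ports), not just the remote address.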