Network Ports & Firewalls

**Daywalker** · 28 December 2005, 09:48

You need outbound or inbound, or both??

May compromise your computer if someone was to use a port scanner and then see the open port. But your firewall may protect it, which firewall are you using?

**maximus** · 28 December 2005, 11:25

Thanks

There is (I believe) a hardware firewall in the BT router- I also use Nortons Internet Security which is where I have opened the ports

**Daywalker** · 28 December 2005, 11:28

Your Norton Firewall should allow the connections for the ports you have opened but control any malicous attempts to access your computer.

Is it working?

Do you need to amend the BT router also?

**Statistician** · 28 December 2005, 11:46

Norton firewall is no good. Get Zone Alarm instead.

**NoddY** · 28 December 2005, 16:56

People often confuse firewalls with NAT, because both are usually on the same device or part of the same software.

The general rule of thumb is:

* Discard all inbound traffic on external interface that is not part of a sequence initiated locally (firewall function)
* Allow all outbound traffic from trusted network (your home LAN) via internal interface (firewall function)
* Record all outbound traffic and store source and destination address with source and destination TCP/UDP ports in a table (NAT table)
* Re-write source IP and source TCP/UDP port (NAT function)
* Examine destination TCP/UDP ports on incoming traffic, IF it matches a mapping in the NAT table re-write and forward to host in trusted network, ELSE discard.

For servers/games you have to create:

1. A manual entry in the NAT table (aka IP forwarding)
* Tell the device that incoming traffic using TCP/UDP port XXX on the external interface is to forwarded to a host on the trusted network (NAT function)
2. A manual entry in your firewall rules
* Tell the device that incoming traffic using TCP/UDP port XXX on the external interface is permitted (firewall function)

For two firewall/NAT devices all this needs to be done twice! This is not recommended!

**maximus** · 29 December 2005, 14:04

Originally posted by Daywalker

Your Norton Firewall should allow the connections for the ports you have opened but control any malicous attempts to access your computer.

Is it working?

Do you need to amend the BT router also?

No I left the BT router alone .. it's working ...but my concern is that I have compromised security...

**maximus** · 29 December 2005, 14:08

Originally posted by NoddY

People often confuse firewalls with NAT, because both are usually on the same device or part of the same software.

The general rule of thumb is:

* Discard all inbound traffic on external interface that is not part of a sequence initiated locally (firewall function)
* Allow all outbound traffic from trusted network (your home LAN) via internal interface (firewall function)
* Record all outbound traffic and store source and destination address with source and destination TCP/UDP ports in a table (NAT table)
* Re-write source IP and source TCP/UDP port (NAT function)
* Examine destination TCP/UDP ports on incoming traffic, IF it matches a mapping in the NAT table re-write and forward to host in trusted network, ELSE discard.

For servers/games you have to create:

1. A manual entry in the NAT table (aka IP forwarding)
* Tell the device that incoming traffic using TCP/UDP port XXX on the external interface is to forwarded to a host on the trusted network (NAT function)
2. A manual entry in your firewall rules
* Tell the device that incoming traffic using TCP/UDP port XXX on the external interface is permitted (firewall function)

For two firewall/NAT devices all this needs to be done twice! This is not recommended!

Thanks... if I read this right then allowing the traffic is OK...on an off topic I also de-installed IPv6 to return to v4... (I was bored & percieved IPv6 to be slow) after the reboot I received this alert from Nortons...

"Rule "Default Block Bla Trojan horse" blocked (HOME111(172.16.0.1),1042).
Inbound UDP packet.
Local address,service is (localhost,1042).
Remote address,service is (HOME111(172.16.0.1),1042).
Process name is "N/A"."

This is what sparked my paranoia... 172.16.0.1 is registered to :

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

why would the IANA be wanting to put a trojan onto my PC? or have I read the alert wrong?

**pint** · 30 December 2005, 13:42

IANA 172.16.x.x

172.16 is reserved (by IANA) for private networks. IANA did not send you anything.

That packet could have been send by anyone (spoofed) or be part of normal comms with your router or dns/dhcp servers. Don't know what 1042 is used for, might also be dynamicly allocated by Windows. Don't worry about it, if you set up a real firewall you will see 100, 1000 or more scans each day.

Network Ports & Firewalls