more firewalls.....



tweak'e
04-10-2002, 03:46 PM
Just wondering how many people actually take the time and trouble to make the rules for their firewall (especially Tiny/Kerio users), or do you just hit the default allow settings?

Chilling_Silence
04-10-2002, 03:54 PM
Firewall... What Firewall????

Chilling_Silence
04-10-2002, 03:56 PM
Actually, at work the LAN has a firewall... and at home, it slows down the PC too much.. What with WinAmp3, several browser windows, several MSN windows... Must upgrade that RAM. When I did have ZoneAlarm, it kept asking me, and it was a lot of fun picking and choosing, not too bad actually. I used to have NetStorm - Islands of War (PC game) and I played that with the firewall, sending data only, but not allowing it to come back in!!! I have no idea what the effect was, but I'm pretty sure the servers were going wild :p

-=JM=-
04-10-2002, 05:18 PM
I don't allow anything, then when it asks for access I decide then.

Mike
04-10-2002, 05:21 PM
Using Kerio,

I watch for what it is trying to communicate, which direction (in or out), and to what URL. If I allow it, then it's usually the default setting; if I don't allow it, then it's not at all. Occasionally I'll go through and set them manually, but usually the default works for me.

Mike.

Graham Petrie
04-10-2002, 07:00 PM
I have applications allowed on a case-by-case basis (allow or block when asked by firewall). As far as my home network is concerned, I have two rules.

1. Allow file sharing with other PC: Allow incoming and outgoing traffic to the other PC's IP address on UDP ports 137-139 on both machines.

2. Allow ICS: Allow incoming and outgoing traffic on TCP ports 20, 21, 80 and 443 on both machines.

Anyone who knows about the dangers of doing this should comment. I am pretty sure that this is OK. Better than allowing all traffic on all ports to that IP IMHO.

G P

Chilling_Silence
04-10-2002, 07:14 PM
Hey, if it works, don't knock it!

tweak'e
04-10-2002, 08:48 PM
>1. Allow file sharing with other PC: Allow incoming and outgoing traffic to the other PC's IP address on UDP ports 137-139 on both machines.

Sharing over the net or LAN? If net, it's seriously dangerous. Most people make it a point to close ports 137, 139.

Gorela
04-10-2002, 09:09 PM
Tweakie,

From the post 137 & 139 are running on the internal network. I was more interested in the fact that he is running an FTP and HTTP server. Are those ports necessary for file sharing music?

Chilling_Silence
04-10-2002, 10:06 PM
Well, I guess it depends on your filesharing prog; I know WinMX lets you specify which ports it uses.

Graham Petrie
04-10-2002, 11:03 PM
OK, those permissions are all restricted to IP address 192.168.0.2 only on my NIC (internal network.) Now obviously, if someone somehow gains access to the network through the internet, they may have a field day, but as those ports are not open to the modem, I think I am safe. The reason why I allowed FTP and HTTP ports was because I thought they would be necessary for the other PC to use FTP and HTTP clients over through the internet gateway. Am I right???

If I just use Windows Explorer to transfer files over the network, and I want the second PC to have access to the internet, what ports, etc. should I have open??

Cheers.

G P

tweak'e
04-10-2002, 11:26 PM
Do you need to have any rules for the network side? Just add 192.168.0.2 as a trusted IP.

The reason I asked the question is I suspect some people are just allowing every program full access regardless. Trying to work out what ports a program uses is a pain, to say the least.

Gorela
04-10-2002, 11:37 PM
Graham,

From my understanding of TCP/IP communications, you only require those ports, i.e. 443, 80, 21, open IF you are running those services. Closing those ports (or better yet, having the packets dropped) stops outsiders connecting and doesn't interfere with your access.

The normal communication would be to port 21 on the internet computer and then another port (often 30000+) is opened in your computer for receiving data.

So, best bet is to close them.
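
An added example, not part of the original thread: a toy model of the point made in the post above, assuming a stateful firewall that remembers outbound connections. The class and function names are hypothetical, the sample addresses and ports are constructed, and rules are simplified to local port only.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" leaves this PC, "in" arrives at it
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulFilter:
    # Local TCP ports that accept unsolicited inbound connections.
    inbound_allow: set = field(default_factory=set)
    # Outbound flows seen so far: (local ip, local port, remote ip, remote port).
    flows: set = field(default_factory=set)

    def check(self, p: Packet) -> str:
        if p.direction == "out":
            # Remember the flow so the matching reply can be recognised.
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "allow"
        # Inbound packet that mirrors a tracked outbound flow is a reply.
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "allow (reply)"
        # Anything else is unsolicited and needs an explicit inbound rule.
        if p.dport in self.inbound_allow:
            return "allow (rule)"
        return "drop"

# Constructed sample traffic; all addresses and ports are made up.
SAMPLE = [
    Packet("out", "192.168.0.1", 30512, "203.0.113.10", 80),  # browser request
    Packet("in", "203.0.113.10", 80, "192.168.0.1", 30512),   # server's reply
    Packet("in", "198.51.100.7", 41000, "192.168.0.1", 80),   # unsolicited connect
]

def verdicts(inbound_allow):
    """Run the sample traffic through a fresh filter with the given open ports."""
    fw = StatefulFilter(inbound_allow=set(inbound_allow))
    return [fw.check(p) for p in SAMPLE]

if __name__ == "__main__":
    print("ports 20,21,80,443 open:", verdicts({20, 21, 80, 443}))
    print("no inbound rule:        ", verdicts(set()))
```

In both runs the browser request and its reply pass; the only verdict that changes when the inbound rule is removed is the unsolicited connection to local port 80.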

Graham Petrie
04-10-2002, 11:49 PM
Gorela - I just removed the rule explicitly allowing the activity on the TCP ports. ICS still works, so I guess you're right.

I will leave the rule for the UDP ports as I know if that is turned off, filesharing doesn't work.

Cheers

G P

-=JM=-
05-10-2002, 11:59 PM
I must say that I dislike ZA now.

I'd disabled it from startup because I was at a LAN. But it still had its True Vector (vsmon) still running on startup. Had me confused for quite a while.