Basic Firewall Information
- What is a firewall
- What is NAT firewalling?
- Where can I get a firewall?
- What ports should I leave open?
- Does Network Tallahassee have a firewall?
- Troubleshooting firewall configuration problems
- Internet Security Main Menu
Network Tallahassee does NOT offer technical support for setting up firewalls or fixing incorrectly configured / misbehaving firewalls. The information below provides limited information about firewalls and some tips that may be of use to you. If the information here doesn't help you, you will need to contact the manufacturer of your firewall solution.
A firewall is a device or software that filters network traffic based on various criteria including IP addresses, protocols, ports, etc. Firewalls, when properly configured, can reduce the likelihood of computers and other network devices being attacked or hacked/hijacked by other people.
Generally speaking, there are two types of firewalls:
- Hardware-based firewalls
Hardware-based firewalls are firewalls that exist in network devices (including some DSL/Cable/ISDN modems and routers) and do not rely on software to run on any particular computers, other than software that may be used to upload configuration information into the hardware-based firewall. Because these firewalls reside on a network, they can be used to efficiently filter traffic for multiple machines. They also reduce the amount of "garbage" that may pass through the network trying to reach a particular computer.
- Software-based firewalls
Software-based firewalls are software applications that are installed on individual computers and with the exception of proxy servers, protect only the computer that the software was installed on. Software-based firewalls are most frequently used by dial-up customers and home/small-office users because they're cheaper and often only needed on a single computer.
NAT firewalling is a term sometimes used to refer to a pseudo-firewall that works by obscuring the IP addresses of computers that are within a network connected to the internet through DSL/Cable/ISDN modem/routers. These modems/routers often have a public IP address on the WAN (internet side) of the router, but have a private IP address (see RFC 1918 - Address Allocation for Private Internets for more information) on the LAN (local area network) side. The other computers on the LAN also have IP addresses within this same private IP address range. These NAT-configured routers typically prevent the outside world from communicating directly with devices/machines on the LAN unless the communications were actually initiated/established by the machines on the LAN. Machines on the public IP space of the internet are not able to distinguish machines behind NAT because they all appear to have the same public IP address that is actually assigned to the routing device. NAT references:
RFC 2663 - IP Network Address Translator (NAT) Terminology and Considerations
Here are some common software-based firewall applications (not listed in any particular order):
- Windows Firewall -- included with Windows XP and newer versions of Windows.
- Symantect (Norton) products
- McAfee products
- Zone Alarm
It's generally not a good idea to run more than one firewall application on a single computer; they may interfere with one another and cause unpredictable behavior.
Many DSL/Cable/ISDN modems and many routers have built-in firewalls that filter connections before they reach your computer, often eliminating the need for software-based firewalls on computers that are connected to the internet via a DSL/Cable/ISDN modem/router. Refer to your hardware documentation or manufacturer's website for information.
Many firewalls are configured by default with certain TCP and/or UDP ports open for OUTBOUND connections (connections that are initiated by your computer). The listing below contains some common ports and their use (port number, port type (TCP and/or UDP), purpose/usage). This list does NOT mean you should assume you need to leave all of them open!
|20||TCP||File Transfer Protocol (FTP) data||used for the actual data transfer during an FTP session|
|21||TCP||File Transfer Protocol (FTP) connection||used for transferring files back and forth between computers on the internet (e.g.: ftp://ftp.example.com)|
|22||TCP||Secure Shell (SSH) Transport Layer Protocol||used to interactively log into systems that support terminal sessions via encrypted authentication|
|23||TCP||Telnet||used to interactively log into systems that support terminal sessions|
|25||TCP||Simple Mail Transport Protocol (SMTP)||used for transferring mail between mail servers|
|53||UDP/TCP||Domain Name System (DNS)||required for your computer to "resolve" names like "support.nettally.com" into computer-usable IP addresses|
|80||TCP||Hypertext Transfer Protocol (HTTP)||World Wide Web (http://www.example.com)|
|110||TCP||Post Office Protocol version 3 (POP3)||used for retreiving mail from a POP3 server|
|123||UDP||Network Time Protocol (NTP) / Simple Network Time Protocol (SNTP)||used for time synchronization|
|143||TCP||Internet Message Access Protocol (IMAP)||used for interacting with mail on an IMAP server|
|443||TCP||HTTP protocol over TLS/SSL (HTTPS)||example: https://www.example.com/login|
|587||TCP||Message Submission for Mail||used by mail programs to submit mail to SMTP servers|
|1723||TCP||Point to Point Tunneling Protocol (PPTP)||virtual private networks (VPNs)|
|3389||TCP||Remote Desktop Protocol (RDP)||Remote Desktop (terminal services), Remote Assistance|
Network Tallahassee does perform limited firewalling in our border router that connects our network (and customers) to the outside world. Virtually all of the firewalling at this level is to prevent attacks and other forms of unauthorized access to our servers and network equipment.
We do NOT filter traffic to/from our customers with the following exceptions:
- We DO block RFC 1918 traffic at multiple levels within the network. This has no adverse affects on our network or our customers. See RFC 1918 - Address Allocation for Private Internets for more information. The three IP address ranges associated with this are:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
- We DO occasionally filter certain TCP and/or UDP ports to a limited extent that are associated with specific attacks and/or viruses. An example is a limited block on TCP ports 5554, 9995, and 9996 that the Sasser worm used for propogating itself across the internet.
If you're encountering problems with your firewall, you will need to consult the software's documentation and/or manufacturer for help. Troubleshooting information can typically be found in help files on your computer or in printed material that came with your firewall product. Information may also be available on the manufacturer's web site (typically in a Support section.
The following may be of help: