Stupid Router question

  • Stupid Router question

    I got my Linksys Cable Router last night and I was wondering if there was any way to automate the selection of what ports are left open on the firewall. Also, is there any way I can get what ports are left open from using Zonealarm (I was using this before I got the Linksys and it has what I need to use open already) so I can use it to configure the Linksys Router?


    Thanks

    Scott
    Why is it called tourist season, if we can't shoot at them?

  • #2
    Unsure

    Which router?

    I would guess the function would have to come on the CD for the router or from the maker of Zonealarm. I have a Linksys router and it does not have a whole lot of fields for allowing or blocking specific ports, IP addresses, etc . . . They are meant for home use and not for anything terribly serious. If you want a decent, cheap firewall take an old PC (even a P75), install two NICs, and use Linux Redhat.

    This almost did not occur to me. Why are you using both a hardware and software firewall?

    Comment


    • #3
      Maybe.

      Zonealarm produces a log file based on hits.
      I suppose a program could be written to read the log into a Linux Firewall box though you would have to proof the IPs as some are perfectly valid hits from your ISP.

      Comment


      • #4
        I WAS using Zonealarm, before I got the Linksys Router to answer that question


        Scott
        Why is it called tourist season, if we can't shoot at them?

        Comment


        • #5
          What do you want the ports open for?
          Do you mean "keep" the ports from using ZA?
          chuck
          Chuck
          秋音的爸爸

          Comment


          • #6
            I guess I should be a little clearer...

            I wanted to know what ports were left open by Zonealarm, so I can use this info to configure my Linksys Router. I wanted to get away from Zonealarm since I'm going to have 3 other computers hooked up to the router that aren't going to be in the same room.
            Why is it called tourist season, if we can't shoot at them?

            Comment


            • #7
              Logs and Settings

              Zone Alarm would keep track of that in either its log files or some settings files. Check for those, including in the registry.

              Some to keep open are:
              8: Ping - ICMP
              25: smtp - Outgoing mail. - udp/tcp
              80: http - Web Browsers, etc . . . - udp/tcp
              109: pop2 - version 2.0 for sending mail - udp/tcp (Not really used)
              110: pop3 - version 3.0 for sending mail - udp/tcp
              143: IMAP - TCP/IP
              144: News - TCP

              Some of these links are intense but you can sift through and find useful information.

              http://www.iana.org/assignments/port-numbers
              http://www.chebucto.ns.ca/~rakerman/...able.html#IANA
              http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html - Trojans - Of course keep these closed.
              http://www.linux-firewall-tools.com/linux/ports.html
              http://support.microsoft.com/support/kb/ARTICLES/Q240/4/29.asp - DirectX

              Comment


              • #8
                ZA doesn't allow anything to come in by default. You must allow ports to come in.
                To answer your question, the answer is, it depends on what you want to allow into your internal network. Everything that uses the TCP protocol requires a port#. telnet, ping, ftp, smtp, etc... Usually these are things that you initiate from the inside and send out. So, in essence, you don't want to allow anything through your firewall unless you initiate the connection first. Now, this won't be true in all cases but most cases. Some things are tricky too, such as FTP, where the connection can be passive or non-passive. You will need to understand these things in order to configure your firewall. I've never used a Linksys router so I have no idea how it works. Bottom line is this:

                1. You want to allow any connection that you initiate to come back through the firewall so you have two-way communication.

                2. If you are acting as a server for something, let's use FTP for instance, then you will need to allow that port number into your firewall.

                3. One thing that confuses everyone is that you may go out on port 80 for HTTP connections but it comes back in on a different port#. This is normal for all TCP apps. Now, if you allow port 80 to come into your firewall, you are essentially saying that you are the web server. You are not a web server in this case so don't allow port 80 in.

                Sorry I babbled so long, hope this makes sense and let me know if you have any questions.
                Ladies and gentlemen, take my advice, pull down your pants and slide on the ice.

                Comment
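
The three points in post #8 amount to stateful filtering: remember what the inside initiated, let only the matching replies back in, and open an inbound port only when a LAN host is the server. The toy Python model below is an added illustration, not code from the thread, the Linksys router or ZoneAlarm; the class name, addresses and port numbers are constructed for the example.

```python
# Added example: a toy stateful filter, not the Linksys router's or ZoneAlarm's logic.
from typing import NamedTuple

class Packet(NamedTuple):
    direction: str   # "out" = LAN to Internet, "in" = Internet to LAN
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StatefulFirewall:
    def __init__(self, inbound_server_ports=()):
        # Ports opened on purpose because a LAN host is the server (point 2).
        self.inbound_server_ports = set(inbound_server_ports)
        # Connections started from the inside: (lan_ip, lan_port, remote_ip, remote_port).
        self.established = set()

    def allow(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            # Point 1: remember every connection the inside initiates.
            self.established.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        # Inbound: accept only the reply half of a remembered connection ...
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.established:
            return True
        # ... or a new connection to a port explicitly opened for a server.
        return pkt.dst_port in self.inbound_server_ports

def demo():
    """Constructed traffic using documentation and private address ranges."""
    lan, web, stranger = "192.168.1.100", "203.0.113.10", "198.51.100.7"
    fw = StatefulFirewall()  # no server behind the router
    results = {
        "browse_out": fw.allow(Packet("out", lan, 49152, web, 80)),
        # Point 3: the reply arrives on the client's ephemeral port, not on 80.
        "web_reply": fw.allow(Packet("in", web, 80, lan, 49152)),
        "unsolicited_80": fw.allow(Packet("in", stranger, 40000, lan, 80)),
        "wrong_host_reply": fw.allow(Packet("in", stranger, 80, lan, 49152)),
    }
    ftp_fw = StatefulFirewall(inbound_server_ports={21})  # LAN host runs FTP
    results["ftp_server_in"] = ftp_fw.allow(Packet("in", stranger, 40001, lan, 21))
    results["ftp_fw_80_in"] = ftp_fw.allow(Packet("in", stranger, 40002, lan, 80))
    return results

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:17} {'ALLOW' if allowed else 'DROP'}")
```
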


                • #9
                  Unless you are running some kind of server, you don't have to do anything to the Router setup about ports.
                  The router does all that stuff transparently for you.
                  chuck
                  Chuck
                  秋音的爸爸

                  Comment
