Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

< Previous Section: Firewalls - How a Firewall Works  Table of Contents   Next Section: Understanding Linux Services

2.3      Configuring a typical Router based Firewall

Let’s assume you have a wireless base station, router or DSL/Cable modem that has a built in firewall. The management interface for these devices is typically accessed via your favorite web browser. For example Microsoft sell a wireless base station (the MN-500) that you access by going to 192.168.2.1 in your browser. The Linksys WCG routers use 192.168.0.1 while the Linksys WRT range of  routers are accessed via the 192.168.0.1 IP address. Check the documentation for your device to find the correct IP address. 

Once you have logged into the setup screen of your Router you will hopefully find a number of security related options:

2.3.1      Enable your Firewall 

The device will have a status screen that tells you about the configuration. Make sure that the Firewall is enabled and if it is not make sure you enable it. Most devices will default to having the Firewall enabled but it is wise to check.

2.3.2      Port Forwarding 

A typical port forwarding screen is shown in figure 2.3.2. On this screen you specify which ports are to be open on your firewall and to which computer on your internal network incoming communications to this port should be forwarded. For example 192.169.1.12 is my Linux system. You will see that I have port 80 forwarded to this IP address. This is because I run a web server on my Linux system and web servers communicate through port 80. Port 21 is used by the FTP file transfer protocol. I often use ftp to transfer files to and from my Linux system when I am traveling so I need this port open and forwarded. Similarly port 22 is also forwarded to enable me to use the Secure Shell (ssh) to gain remote access through the firewall to the Linux server.

Port Warding Configuration Screen
Figure 2.3 - A typical Firewall Port Forwarding Configuration Screen

If you don’t have a need to use ftp, aren’t running a web server and have no need to log into your system from outside make sure no ports are being forwarded.

2.3.3      Discard Pings

Check to see if your firewall has an option to discard pings. Attackers will often ping random IP address to find out which ones are alive. Discarding ping packets reduces the risk that an attacker will find you on the internet. 

2.3.4      Application Triggered Port Forwarding

Some applications (particularly internet games) need to communicate through multiple ports. Most firewalls have application triggered port forwarding to address this requirement. In order to configure the Firewall to support your particular game or application you will need two pieces of information – the outbound port and the inbound port used by the application. Check with the documentation of supplier of the game or application in question if you do not know the ports that are needed. 

The inbound port that has been specified will not be opened by the Firewall until data is sent to the outbound port by the application. This ensures that the inbound port is not left open until it is needed. After a period of inactivity both the inbound and outbound ports will be automatically closed by the Firewall.

2.3.5      DMZ – The Demiliterized Zone 

The DMZ setting allows you to specify a computer on your network for which all ports are open. What this means is that there is effectively nothing protecting that computer from access and attack from outside – as though there was no Firewall between the computer and the internet. You may wonder why you would want to do something like that and infact we strongly counsel against ever using this feature. It is included here so that you know what it does and that you need to avoid it.

< Previous Section: Firewalls - How a Firewall Works  Table of Contents   Next Section: Understanding Linux Services >

 
 
  © Copyright 2005-2010 Linuxtopia. All Rights Reserved.