help for firewall

Hi, I need help to configure my Netgear router/firewall. I need to close all ports except the ports for normal internet navigation. I tried to leave only 80 open, but it doesn't work... it's impossible to open Google. Can someone explain to me what range of ports I have to open to make it possible to only use a browser to navigate? Thank you, and please excuse my bad English. adrians

Reply to
adrians

Sorry, but that's so obvious... you really shouldn't bother with things you obviously don't understand.

None? Because this goal isn't achievable.

Reply to
Sebastian Gottschalk

All ports on the router are closed by default on the router. The ports are only open if you have manually configured the router to open a port by doing "port forwarding" in the router's administration configuration screens, which is a special case where you must open a closed port or ports.

The other way that a router will open a closed port is when a program running on a machine behind the router has sent outbound traffic to a remote IP on the Internet. If that happens, then the router is going to open the required port or ports for inbound traffic back to the machine that has the program running that sent the outbound traffic, so that traffic can be received back. The port or ports are opened automatically, which is called a "solicitation for traffic", and then the port or ports are closed again.

In the case of your machine that's behind the router, you are using a browser program on the computer, and you sent outbound traffic (you initiated the contact) to the Website, the router is going to automatically open the inbound port or ports so that the traffic can come back to the computer that has the browser program running. That is a "solicitation for traffic" the browser has made and the router is going to open the required inbound ports to let the traffic through to the machine that made the request, and then the router is going to close the port or ports.

The other type of inbound traffic that will reach the router is called "unsolicited inbound traffic". Unsolicited inbound traffic is going to be blocked (the port is closed), because it's unsolicited traffic -- no machine behind the router running a program has made a solicitation for the traffic by sending outbound traffic. Unsolicited traffic is *blocked* / port closed.

So, you have no need to be trying to close any ports manually, because they are closed by default, until the *solicitation* has been made.

I suggest you return the router to its default state out of the box by doing a *hard reset* - holding the *reset* button down for 30 seconds or more, which will set the router back to what it was before you did anything.

Here is the special case where you must manually open the port or ports so that a program running on the machine behind the router can receive its inbound traffic. In this case, unsolicited traffic is allowed to reach the machine. The program doesn't make the solicitation but must receive inbound traffic.

You should keep the computer out of the DMZ.

Duane :)

Reply to
Mr. Arnold6

It's good to see that you can't help him, it just shows how you can't do anything without your firewall mantra.

Your router can't tell the difference between browser (HTTP) and anything else using port 80, but to sort of answer the question, you need to have HTTP (80) and DNS (53) available so that your computer can resolve the site names - so, you can block everything except 80 and 53.

If you purchase a firewall that can tell the difference between HTTP and port 80 traffic, you can limit your network to only allowing HTTP sessions instead of anything that uses port 80, and you can limit DNS to your ISP's DNS servers.

Reply to
Leythos

None? Because this goal isn't achievable.


And perhaps HTTPS (443) as well.

Reply to
chris

Glad you caught that, I forgot HTTPS on 443.

Reply to
Leythos

Idiot, little fool

Reply to
David Smith

Check whether the router's built-in firewall supports defining custom rules. If yes, you can do it by defining two rules.

That might look something like this.

For both rules: Direction -> Outbound

  1. Rule (has to be placed first)

     Protocol -> TCP
     Source Address -> Any => Port -> Any
     Destination Address -> Any => Port -> 80
     Action -> Allow

  2. Rule (has to be placed after the rule above, i.e. second in this case)

     Protocol -> Any
     Source Address -> Any => Port -> Any
     Destination Address -> Any => Port -> Any
     Action -> Block

This should do the job. But you will be able to do it only if your router's built-in firewall supports defining custom rules (you need to define _outbound_ rules).

Reply to
alf

If he can't do DNS then it won't do much good to allow port 80 - he needs to allow DNS outbound to resolve website names also. As one other poster mentioned, he might also want HTTPS (443) so that he can browse to SSL based sites.

Reply to
Leythos

If you configure the network connection on a computer so that the DNS server is your router (the router has to support this), the firewall rules are bypassed. To use HTTPS he has one additional rule to create (the same as for HTTP; place it, for example, second).

I tested this on my router and it worked. Only TCP traffic on port 80 was allowed.

Reply to
alf
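A first-match evaluator for the ordered outbound rules alf posted, extended with the DNS and HTTPS rules Leythos and chris pointed out, as an added example that is not part of the thread. The rule and flow names, the sample destinations and the resolver address `203.0.113.53` (standing in for "your ISP's DNS server") are constructed; real router firewalls present these rules differently, but the top-to-bottom, first-match semantics alf relies on are what the code models.

```python
# Added example (not from the thread): a first-match evaluator for an ordered
# set of outbound firewall rules. Rules, flows and addresses are constructed.
from dataclasses import dataclass

ANY = "any"


@dataclass(frozen=True)
class Rule:
    proto: str        # "tcp", "udp" or ANY
    dst_ip: str       # specific address or ANY
    dst_port: object  # int or ANY
    action: str       # "allow" or "block"


@dataclass(frozen=True)
class Flow:
    proto: str
    dst_ip: str
    dst_port: int


def matches(rule, flow):
    return ((rule.proto == ANY or rule.proto == flow.proto)
            and (rule.dst_ip == ANY or rule.dst_ip == flow.dst_ip)
            and (rule.dst_port == ANY or rule.dst_port == flow.dst_port))


def evaluate(rules, flow):
    """Outbound rules are checked top to bottom; the first match decides.
    No match at all -> block, the safe default for an egress filter."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action
    return "block"


BLOCK_ALL = Rule(ANY, ANY, ANY, "block")

# alf's two rules as posted: allow TCP to port 80, then block everything else.
RULES_ALF = [Rule("tcp", ANY, 80, "allow"), BLOCK_ALL]

# The same idea with the additions from the thread: HTTPS, and DNS limited to
# the ISP's resolver (placeholder address, constructed for this example).
ISP_DNS = "203.0.113.53"
RULES_BROWSING = [
    Rule("tcp", ANY, 80, "allow"),
    Rule("tcp", ANY, 443, "allow"),
    Rule("udp", ISP_DNS, 53, "allow"),
    Rule("tcp", ISP_DNS, 53, "allow"),   # DNS falls back to TCP for large answers
    BLOCK_ALL,
]

# Sample outbound flows (constructed): what a browsing PC actually emits.
SAMPLE_FLOWS = [
    ("http", Flow("tcp", "203.0.113.10", 80)),
    ("https", Flow("tcp", "203.0.113.10", 443)),
    ("dns_isp", Flow("udp", ISP_DNS, 53)),
    ("dns_other", Flow("udp", "198.51.100.53", 53)),
    ("smb", Flow("tcp", "198.51.100.5", 445)),
]


def decisions(rules):
    """Decision per sample flow, so two rule sets can be compared side by side."""
    return {name: evaluate(rules, flow) for name, flow in SAMPLE_FLOWS}


if __name__ == "__main__":
    print("alf's rules    :", decisions(RULES_ALF))
    print("browsing rules :", decisions(RULES_BROWSING))
    # Ordering matters: with the block-all rule first, nothing gets through.
    print("block-all first:", decisions([BLOCK_ALL] + RULES_BROWSING[:-1]))
```

With alf's two rules the `dns_isp` flow is blocked, which is exactly the symptom adrians reported: port 80 is open but no site name resolves, so nothing loads. The browsing set allows name lookups only to the ISP resolver and still blocks everything unrelated; swapping the block-all rule to the top shows why alf insists on the order.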

Not all routers act as DNS proxy.

Reply to
Leythos

Unfortunately. But if his router does, he can try; it is only three rules to add. It is not hard to erase them if they are not working.

Reply to
alf

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.