MTNL Broadband: Port forwarding

  • Thread starter: powerontop
  • Replies: 114
  • Views: 35,615

powerontop

Hi Friends,
Now that I have tasted the Blood, I want to expand my horizons and want to use all apps I used to use in my dialup days such as p2p(number of them), IRC, MSN/Yahoo etc etc.

But I am very security conscious and am habitual to using firewalls, and thus comes problems with my DSL. On dialup, my modem and my machine were the same so firewall on my machine automatically applies to the modem which is not true now since the DSL modem is a separate machine now.

So my questions are :

1. Should I enable the router's firewall? Is it good, stable and flexible for defining rules?
2. I have firewall running on my machine too(Linux), effects of router firewall/port forwards on it?
3. I have put in port forward on my router yesterday for Gnutella and eMule following the link on this forum. But still got lowid. Is the router port forward not setup properly? Currently firewall on router is disabled. Is the firewall on my machine the culprit?
4. Effects of opening up port forwards on internal machines. Since now anyone can connect to my machine due to ports being open. Good Firewall rules can be used to prevent damage. Need light on this too on how to achieve this.

If someone can put down port forward and firewall settings giving specific examples to configure say eMule, FastTrack(Kazaa), giFT, Gnutella, Yahoo etc then it would be great. I am open to contributing towards the same.

I have looked at www.portforward.com. Helpful but needs detailing specific to 502T. I have read the Port forward doc on the Sticky Links on this forum too. Let this topic be the Ultimate guide to using/setting up Firewalls and Port forwards.
I am currently using Linux but have Zone Alarm firewall on my XP but I don't use XP at all. You all know why :P

Thanks for your responses.
 
What I know....DSL & Firewall r anti of each other. U will hve to loose one thing in order to gain the 100% of other. Yeah, in sum cases u can have 50% - 50% of each other.

Wht I want to say is.....u can have Firewall settings n DSL connection running simultaneously. But, it can be gud 4 some applications but will conflict in others.

As per ur questions:

1. Not advisable. Its not stable n moreover can screw ur whole system.
2. Two firewall(s) always create conflict, but as per port forward goes, it can run, but u need to adjust the same settings on ur linux firewall too. But remember, do not run the router and linux firewall simultaneously.
3. By "lowid", I am assuming u r talking abt. low speed (not acceptable in P2P connections). Mate, first rule, if ur getting connected (P2P), let it be low or high speed, ur linux firewall is not the culprit. Coz. the connection has been made. Had it been the firewall, u wud not have been able to connect at all. Particularly, in P2P, it depends on the network too, the number of ppl in network, the connection on the other side of network, network choking n hell lot of other things. Also, as mentioned earlier, do not enable the Router firewall. However, if u still doubt the linux firewall, disable it n then check.
4. Yes, it can be dangerous, if u have open ports. For this reason only u need a firewall on ur machine. Sorry mate no idea abt. Linux firewall.

N yes, I am connecting P2P n Torrents w/o any port forwards or extra settings on my router or firewall. Hope, u don't need it at all........MTNL doesn't block any ports mate.

Hope it helps a lil........ :)
 
The port forwarding on the router seems to be weird.....it never quite works properly. I tried a very long time to host my HTTP server using the port forward until I finally gave up. Now, I am running the router in bridge mode, so the setup is similar to your dial-up days when your modem and computer are the same machine. That way, you can run the Linux firewall (I guess you are running iptables?). This way, you can easily add rules to the iptables thru linux, and they will be properly applied. Also in this setup, whatever ports are open on your computer will show up as open on the net, so no port forwarding business.
 
Originally posted by bad_till_bones@Sep 8 2005, 02:09 PM
What I know....DSL & Firewall r anti of each other.  U will hve to loose one thing in order to gain the 100% of other.  Yeah, in sum cases u can have 50% - 50% of each other.
[/quote]

Damn. Nature can't be this cruel. Must be some way. Let's explore.
 
Yeah, configuring this router has been a nightmare. Have managed to forward all the ports used by p2p applications installed on my comp. Not gonna enable the router firewall in a million yrs. Have had enuff problems already. Windows firewall is enough for me. Btw anybody know wt port MSN messenger uses coz in the conn settings it shows am on a non-Upnp restricted connection and am unable to transfer files or anything.
 
Originally posted by powerontop@Sep 8 2005, 06:31 PM
I tried port forward with local firewall Active. Got lowid in amule, could search for files but could not download any. Then closed it and connected via giFT, same stuff (it doesn't show lowid etc though), got download speed of 4-5k. Damn. Then disabled my firewall then retried, amule still lowid. I think coz filters on router page don't get saved in spite of clicking apply. Anyone knows why?  Then tried giFT with local firewall disabled. Got 20-(27-28k) constant speed. But I am all bare to the cruel outside world. That is what worries me.
[/quote]

Thts why I said - "DSL & Firewall r anti of each other. U will hve to loose one thing in order to gain the 100% of other. Yeah, in sum cases u can have 50% - 50% of each other".

Mate, ur concern is rite........we all want tht. But believe me, hve tried many settings rather still trying...... :P
 
Originally posted by bad_till_bones@Sep 9 2005, 08:47 AM
Thts why I said - "DSL & Firewall r anti of each other. U will hve to loose one thing in order to gain the 100% of other. Yeah, in sum cases u can have 50% - 50% of each other".

Mate, ur concern is rite........we all want tht.  But believe me, hve tried many settings rather still trying...... :P
[/quote]

Ok something that has been haunting my mind for a long time. Anyone out here having good experience with IPTables firewall of Linux? What I am thinking of doing is this.
"Allow outgoing or incoming connections ONLY if the connection was initiated from inside or part of an ongoing session". For this you require a Stateful Firewall and not sure if IPTables is one and if it can take such decisions.
I come from FreeBSD background and I know freebsd firewalls could do this with ease. Just Love it. But not too sure if linux firewalls can do this. If we can write such a rule then we can at least be sure that other than a Trojan, even if my machine is open to the Internet due to port forward, no one can hack me unless I initiated this connection.

Any idea?

Thanks.
 
Well actually, if you have a trojan installed on your computer, IT will initiate the session, so basically the session is initiated from your side......so your rule fails to stop it :)

Not many trojans etc. are known for the Linux or *nix systems.....

Anyway, I have a little bit of experience with iptables, but I don't think such a rule is possible...........then again, you never know........

Adwait
 
Originally posted by adwait@Sep 9 2005, 02:11 PM
Well actually, if you have a trojan installed on your computer, IT will initiate the session, so basically the session is initiated from your side......so your rule fails to stop it :)

Not many trojans etc. are known for the Linux or *nix systems.....

Anyway, I have a little bit of experience with iptables, but I don't think such a rule is possible...........then again, you never know........

Adwait
[/quote]

Yes I mentioned that for Trojans :o

With regards stateful rules, I found the way for iptables :) here's the link for posterity http://iptables.org/documentation/HOWTO//p...ng-HOWTO-5.html

Thanks.
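
The stateful rule asked about in this thread, sketched as an added example that is not part of any post: a shell function that emits an `iptables-restore` ruleset which drops inbound traffic by default, accepts packets belonging to sessions the machine itself opened, and admits new inbound connections only on listed P2P ports. The function name `gen_rules` is hypothetical, and the ports (eMule 4662/tcp and 4672/udp, Gnutella 6346/tcp) are assumed client defaults, so match them to your own client settings.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a default-deny,
# stateful host firewall. Ports are assumed client defaults, not from the thread.

# gen_rules "proto:port" ...  -> ruleset on stdout; returns 1 on a bad spec
gen_rules() {
    # Validate every spec before printing anything.
    for spec in "$@"; do
        proto=${spec%%:*}; port=${spec#*:}
        case $proto in tcp|udp) ;; *) echo "bad proto: $spec" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port: $spec" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $spec" >&2; return 1
        fi
    done
    # Default-deny inbound; replies to locally initiated sessions are allowed.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # One explicit hole per listening port: only these accept NEW inbound sessions.
    for spec in "$@"; do
        proto=${spec%%:*}; port=${spec#*:}
        printf '%s\n' "-A INPUT -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the ruleset for review; to load it, pipe the output to iptables-restore as root.
gen_rules tcp:4662 udp:4672 tcp:6346
```

With the router doing NAT rather than bridging, the same ports still have to be forwarded on the router to this machine. The `OUTPUT ACCEPT` policy means any program on the machine can open outbound sessions, so this ruleset does not restrict locally running software.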
 
