Re: DLINK DI 707P firewall-question

From: Christian Gorecki (christian.gorecki_at_post.rwth-aachen.de)
Date: 02/09/04


Date: Mon, 09 Feb 2004 19:23:41 +0100

On Mon, 09 Feb 2004 08:53:26 +0000, Hans Pesata wrote:

> Hi Christian!
>
> thanx for your reply!
>
> I am not quite sure if I am using firewall or filter settings,
> I was just using the described IP-filter-settings.
>

I've just taken a look at your first posting in this thread and I think
you set up a firewall rule. You may check this by connecting to your
D-Link's web interface and taking a look at which section you have entered
the rules in, either "Advanced->Filter" or "Advanced->Firewall".

[snip]

> I suppose Internet Explorer uses port 80 for http and Outlook uses 110 for
> POP3.

Yes, of course!
Those are the destination ports!
If two computers are "talking" to each other, they connect from one port
(source port) of host A to another port (destination port) of host B.
So I'm sure that even Outlook can talk to the pop3-server you use, but the
answer from the pop3-server may be filtered by your firewall.
So you will ask why the answer to the Internet Explorer requests isn't
filtered. This is what I've already tried to explain to you. Maybe
Internet Explorer uses destination port 60000 and Outlook uses destination
port 3000. So the answer from a webserver (from WAN to LAN) may pass,
because the firewall on your D-Link accepts answers to high ports, but the
answer from your pop3-server is filtered, because your firewall doesn't
realize that it is an answer, maybe because port 3000 isn't high enough.
This is what I guess, because of my own experiences.

> I don't understand why IE works and Outlook doesn't with the settings I
> used...

> what I would like to understand is how outgoing rules affect incoming
> traffic,

They don't, but if you got a worm, trojan, ... on one of the hosts in
your local LAN, they can use all open ports (from LAN to WAN) to connect to
any host on the internet and give this host a connection to your LAN, or
at least send it information from your computer. So fewer open ports
from the inside to the outside result in more security.

> is there a connection ? for example how can I make sure that it is not
> possible that somebody
> from the outside connects to my LAN via port 139 (Netbios) ?

The default configuration should discard all connection requests from the
outside.
Only DMZ settings and the Virtual Server function can make the hosts in
your local LAN reachable from the outside. So if you don't use these
settings nobody can connect to port 139 from the outside.
Please keep in mind that this isn't absolutely correct, because the only
firewall that is absolutely sure is not connecting your box to any other
host or the internet.

I hope this helps.

Greetz,
Christian
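
The filtering behaviour guessed at in this message, as an added example that is not part of the original post and not D-Link's code. It assumes the 60000 and 3000 from the post are the client's local ports (they become the destination ports of the replies); the threshold, the addresses and all function names are made up for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

HIGH_PORT_MIN = 32768  # assumed threshold; the post does not say what the router uses

def reply_to(pkt: Packet) -> Packet:
    """A server's answer swaps source and destination of the request."""
    return Packet(pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

def stateless_allows_inbound(pkt: Packet) -> bool:
    """WAN->LAN rule that only looks at the destination port."""
    return pkt.dst_port >= HIGH_PORT_MIN

class StatefulFilter:
    """Remembers LAN->WAN connections and admits only matching answers."""
    def __init__(self) -> None:
        self.table: set[Packet] = set()

    def outbound(self, pkt: Packet) -> None:
        self.table.add(pkt)

    def allows_inbound(self, pkt: Packet) -> bool:
        # An inbound packet is an answer if its mirror image was sent out earlier.
        return reply_to(pkt) in self.table

def simulate() -> dict[str, tuple[bool, bool]]:
    """Return {name: (stateless verdict, stateful verdict)} for constructed traffic."""
    browser = Packet("192.168.0.10", 60000, "203.0.113.80", 80)   # HTTP request
    mail = Packet("192.168.0.10", 3000, "203.0.113.110", 110)     # POP3 request
    unsolicited = Packet("198.51.100.7", 4444, "192.168.0.10", 60001)
    fw = StatefulFilter()
    fw.outbound(browser)
    fw.outbound(mail)
    inbound = {"http reply": reply_to(browser),
               "pop3 reply": reply_to(mail),
               "unsolicited": unsolicited}
    return {name: (stateless_allows_inbound(p), fw.allows_inbound(p))
            for name, p in inbound.items()}

if __name__ == "__main__":
    for name, (stateless, stateful) in simulate().items():
        print(f"{name:12} stateless={stateless!s:5} stateful={stateful}")
```

The port-only rule drops the POP3 answer and lets the unsolicited packet through, while the connection-tracking filter does the opposite in both cases.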


