Re: Basic Firewall Question



Hi Boyd,

As you quite rightly say, your firewall would be of little use if it
blocked absolutely everything from entering your LAN.

In reality, when you initiate a connection, for example http, your
computer will create a request to port 80 on the web server. This will
originate from a different port number, typically a port number greater
than 1024. Your firewall will see this outbound connection and will hold
this port (the high one) open to allow the traffic back in to your
network and direct it to the device that started the request. This port
will be held open by the firewall until it is no longer needed.

This is an over-simplified precis of the process but I believe it is
accurate in essence,

Me.


<BoydQuestion@xxxxxxxxx> wrote in message
news:1165264463.426057.75030@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Why does the firewall still pass traffic through when the deny rule
blocks anything going to the LAN? Here is the background of my
confusion:

Before any other rule trumping, my firewall allows the LAN to send
data to wherever it wants. However, by default the firewall also
prevents anything from going to the LAN, with the deny rule processed
at a higher priority. Here are the rules:

Allow Default
----------------------------
Source: LAN, *
Destination: *,*
Protocol: *,*

Deny Default
----------------------------
Source: *,*
Destination: LAN, *
Protocol: *

Therefore, I can understand how my client web browser can send a
connection request to a web server, but why does the web server
response pass through to the client when the deny rule blocks
everything? I know that server responses need to get passed back to
the client connection. Otherwise the Internet would not work very well.
I just want to know what I am misunderstanding about how the router
works.

Thanks for your time,

Boyd
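
Added example, not part of either post: a toy Python model of the connection tracking described in the reply, combining the two default rules from the question with a table of LAN-initiated flows. The LAN range, addresses, ports and the 60-second idle timeout are constructed assumptions; real firewalls also follow TCP state (FIN/RST) to decide when an entry is no longer needed.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # constructed LAN range (assumption)

class StatefulFilter:
    """Toy model: the two default rules plus a table of LAN-initiated flows."""

    def __init__(self, idle_timeout=60):
        self.idle_timeout = idle_timeout  # seconds; assumed value
        self.flows = {}  # (proto, lan_ip, lan_port, remote_ip, remote_port) -> last seen

    def handle(self, proto, src, sport, dst, dport, now):
        """Return "ALLOW" or "DENY" for one packet seen at time `now` (seconds)."""
        # Forget flows that have been idle too long ("no longer needed").
        self.flows = {k: t for k, t in self.flows.items()
                      if now - t <= self.idle_timeout}
        # 1. A packet that is the exact reverse of a tracked flow is a reply.
        reply_key = (proto, dst, dport, src, sport)
        if reply_key in self.flows:
            self.flows[reply_key] = now
            return "ALLOW"
        # 2. Deny Default: anything else addressed to the LAN is unsolicited.
        if ipaddress.ip_address(dst) in LAN:
            return "DENY"
        # 3. Allow Default: LAN to anywhere; remember the flow for its replies.
        if ipaddress.ip_address(src) in LAN:
            self.flows[(proto, src, sport, dst, dport)] = now
            return "ALLOW"
        return "DENY"

def demo():
    """Run constructed packets through the filter and return the verdicts."""
    fw = StatefulFilter()
    client, server, other = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    return [
        fw.handle("tcp", client, 49152, server, 80, now=0),    # browser request
        fw.handle("tcp", server, 80, client, 49152, now=1),    # server reply
        fw.handle("tcp", server, 80, client, 49153, now=2),    # wrong client port
        fw.handle("tcp", other, 80, client, 49152, now=3),     # different host
        fw.handle("tcp", server, 80, client, 49152, now=200),  # after idle timeout
    ]

if __name__ == "__main__":
    print(demo())
```

Only the packet that mirrors the recorded flow exactly (same protocol, addresses and both ports) gets in; everything else addressed to the LAN still hits the deny rule.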


