help for firewall
on 01.12.2006 00:01:33 by adrians
Hi, I need help configuring my Netgear router/firewall.
I need to close all ports except the ports for normal internet navigation. I
tried to leave only port 80 open but it doesn't work; it's impossible to open
Google.
Can someone explain to me what range of ports I have to open to make it
possible only to use a browser to navigate?
Thank you,
and please excuse my bad English.
adrians
Re: help for firewall
on 01.12.2006 00:44:10 by unknown
Post removed (X-No-Archive: yes)
Re: help for firewall
on 01.12.2006 01:01:04 by TheDog
adrians wrote:
> Hi, I need help configuring my Netgear router/firewall.
> I need to close all ports except the ports for normal internet navigation. I
> tried to leave only port 80 open but it doesn't work; it's impossible to open
> Google.
> Can someone explain to me what range of ports I have to open to make it
> possible only to use a browser to navigate?
> Thank you,
> and please excuse my bad English.
> adrians
>
>
All ports on the router are closed by default. The ports
are only open if you have manually configured the router to open a port
by doing "port forwarding" in the router's administration configuration
screens, which is a special case where you must open a closed port or
ports.
The other way that a router will open a closed port is when a program
running on a machine behind the router has sent outbound traffic to a
remote IP on the Internet. If that happens, then the router is going to
open the required port or ports for inbound traffic back to the machine
that has the program running that sent the outbound traffic, so that
traffic can be received back. The port or ports are opened
automatically, which is called a "solicitation for traffic", and
then the port or ports are closed again.
In the case of your machine that's behind the router, you are using a
browser program on the computer, and you sent outbound traffic (you
initiated the contact) to the Website, the router is going to
automatically open the inbound port or ports so that the traffic can
come back to the computer that has the browser program running. That is
a "solicitation for traffic" the browser has made and the router is
going to open the required inbound ports to let the traffic through to
the machine that made the request, and then the router is going to close
the port or ports.
The other type of inbound traffic that will reach the router is called
"unsolicited inbound traffic". Unsolicited inbound traffic is going to
be (blocked/the port is closed), because it's unsolicited traffic -- no
machine behind the router running a program has made a solicitation for
the traffic by sending outbound traffic. Unsolicited traffic is
*blocked*/ port closed.
So, you have no need to be trying to close any ports manually, because
they are closed by default, until the *solicitation* has been made.
I suggest you return the router to its default state out of the box by
doing a *hard reset* - holding the *reset* button down for 30 seconds or
more, which will set the router back to what it was before you did
anything.
Here is the special case where you must manually open the port or ports
so that program running on the machine behind the router can receive its
inbound traffic. In this case, unsolicited traffic is allowed to reach
the machine. The program doesn't make the solicitation but must receive
inbound traffic.
http://www.homenethelp.com/web/explain/port-forwarding-dmz.asp
You should keep the computer out of the DMZ.
Duane :)
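The behaviour described in the post above, as an added example that is not part of the original post: a toy model of a router that tracks outbound flows, lets matching replies back in, and drops everything else unless a port forward exists. The class, method names and addresses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class StatefulRouter:
    """Toy model of the behaviour described above; all names are hypothetical."""
    forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> LAN host
    table: dict = field(default_factory=dict)     # tracked outbound flows
    next_port: int = 40000                        # constructed starting port

    def outbound(self, proto, lan_host, remote):
        """A LAN program initiates contact: record state so replies can return."""
        wan_port = self.next_port
        self.next_port += 1
        self.table[(proto, wan_port, remote)] = lan_host
        return wan_port

    def inbound(self, proto, remote, wan_port):
        """Return the LAN host an inbound packet is delivered to, or None if dropped."""
        # Assumption: replies must match the exact remote address and port.
        # Real routers differ in how strictly they match.
        if (proto, wan_port, remote) in self.table:
            return self.table[(proto, wan_port, remote)]   # solicited
        if (proto, wan_port) in self.forwards:
            return self.forwards[(proto, wan_port)]        # manual port forward
        return None                                        # unsolicited

    def close(self, proto, wan_port, remote):
        """The flow ended or timed out: the port is closed again."""
        self.table.pop((proto, wan_port, remote), None)

def demo():
    """Run constructed flows (documentation-range addresses) through the model."""
    r = StatefulRouter()
    pc = ("192.168.1.2", 51000)
    web = ("198.51.100.10", 80)
    stranger = ("198.51.100.99", 4444)
    port = r.outbound("tcp", pc, web)
    out = {"reply": r.inbound("tcp", web, port),
           "stranger_same_port": r.inbound("tcp", stranger, port),
           "unsolicited": r.inbound("tcp", stranger, 8080)}
    r.close("tcp", port, web)
    out["after_close"] = r.inbound("tcp", web, port)
    r.forwards[("tcp", 8080)] = ("192.168.1.2", 8080)
    out["port_forwarded"] = r.inbound("tcp", stranger, 8080)
    return out

if __name__ == "__main__":
    for case, delivered_to in demo().items():
        print(f"{case:20} -> {delivered_to or 'dropped'}")
```
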
Re: help for firewall
on 01.12.2006 01:39:06 by unknown
Post removed (X-No-Archive: yes)
Re: help for firewall
on 01.12.2006 18:40:14 by Chris
>> None? Because this goal isn't achievable.
>
> Your router can't tell the difference between browser (HTTP) and
> anything else using port 80, but to sort of answer the question, you
> need to have HTTP (80) and DNS (53) available so that your computer can
> resolve the site names - so, you can block everything except 80 and 53.
And perhaps HTTPS (443) as well.
Re: help for firewall
on 01.12.2006 19:03:20 by unknown
Post removed (X-No-Archive: yes)
Re: help for firewall
on 01.12.2006 19:18:10 by David Smith
"Sebastian Gottschalk" wrote in message
news:4t98phF12cdtvU1@mid.dfncis.de...
> adrians wrote:
>
>> Hi, I need help configuring my Netgear router/firewall.
>> I need to close all ports except the ports for normal internet
>> navigation. I tried to leave only port 80 open but it doesn't work;
>> it's impossible to open Google.
>
> Sorry, but that's so obvious... you really shouldn't bother with things
> you obviously don't understand.
>
>> Can someone explain to me what range of ports I have to open to make it
>> possible only to use a browser to navigate?
>
> None? Because this goal isn't achievable.
Idiot, little fool
Re: help for firewall
on 01.12.2006 21:19:15 by alf
adrians wrote:
> Hi, I need help configuring my Netgear router/firewall.
> I need to close all ports except the ports for normal internet navigation. I
> tried to leave only port 80 open but it doesn't work; it's impossible to open
> Google.
> Can someone explain to me what range of ports I have to open to make it
> possible only to use a browser to navigate?
> Thank you,
> and please excuse my bad English.
> adrians
Check whether the router's built-in firewall supports defining custom
rules. If yes, you can do it by defining two rules.
That might look something like this.
For both rules Direction -> Outbound
1. Rule (has to be placed first)
Protocol -> TCP
Source Address -> Any => Port -> Any
Destination Address -> Any => Port -> 80
Action -> Allow
2. Rule (has to be placed after the rule above, i.e. second in this case)
Protocol -> Any
Source Address -> Any => Port -> Any
Destination Address -> Any => Port -> Any
Action -> Block
This should do the job. But you will be able to do it only if your
router's built-in firewall supports defining custom rules (you need to
define _outbound_ rules).
Re: help for firewall
on 01.12.2006 21:22:13 by unknown
Post removed (X-No-Archive: yes)
Re: help for firewall
on 01.12.2006 21:39:50 by alf
Leythos wrote:
> If he can't do DNS then it won't do much good to allow port 80 - he
> needs to allow DNS outbound to resolve website names also. As one other
> poster mentioned, he might also want HTTPS (443) so that he can browse
> to SSL based sites.
If you configure the network connection on a computer so that the DNS
server is your router (the router has to support this), firewall rules are
bypassed. To use HTTPS he has one additional rule to create (same as
for HTTP, and place it, for example, second).
I tested this on my router and it worked. Only TCP traffic on port 80
was allowed.
Re: help for firewall
on 01.12.2006 21:55:15 by unknown
Post removed (X-No-Archive: yes)
Re: help for firewall
on 01.12.2006 22:04:09 by alf
Leythos wrote:
> In article , alf@lf.alf says...
>> Leythos wrote:
>>> If he can't do DNS then it won't do much good to allow port 80 - he
>>> needs to allow DNS outbound to resolve website names also. As one other
>>> poster mentioned, he might also want HTTPS (443) so that he can browse
>>> to SSL based sites.
>> If you configure the network connection on a computer so that the DNS
>> server is your router (the router has to support this), firewall rules are
>> bypassed. To use HTTPS he has one additional rule to create (same as
>> for HTTP, and place it, for example, second).
>>
>> I tested this on my router and it worked. Only TCP traffic on port 80
>> was allowed.
>
> Not all routers act as DNS proxy.
>
Unfortunately. But if his router does, he can try; it is only three rules
to add. It is not hard to erase them if they are not working.
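The outbound rule sets discussed in this thread, as an added example that is not part of any post: a first-match evaluator run over the two rules as posted and over a set extended with the HTTPS (443) and DNS (53) ports named in the replies. The function names are hypothetical, and both the allow-when-nothing-matches default and the DNS-proxy exemption are assumptions of the model.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "proto dport action")   # "any" is a wildcard
Flow = namedtuple("Flow", "proto dport")

BLOCK_REST = Rule("any", "any", "block")
# The two outbound rules as posted: allow TCP/80, then block everything.
POSTED_RULES = [Rule("tcp", 80, "allow"), BLOCK_REST]
# Extended with the ports named in the replies: HTTPS (443) and DNS (53).
BROWSING_RULES = [Rule("tcp", 80, "allow"), Rule("tcp", 443, "allow"),
                  Rule("udp", 53, "allow"), Rule("tcp", 53, "allow"), BLOCK_REST]

def evaluate(rules, flow):
    """Return the action of the first rule that matches the outbound flow."""
    for rule in rules:
        if rule.proto in ("any", flow.proto) and rule.dport in ("any", flow.dport):
            return rule.action
    return "allow"   # assumption: outbound traffic passes when no rule matches

def can_browse(rules, scheme="http", dns_proxy_on_router=False):
    """A page load needs a DNS lookup first, then the web connection itself."""
    # Assumption (as reported in the thread for one router): lookups sent to
    # the router's own DNS proxy are not subject to the forwarding rules.
    dns_ok = dns_proxy_on_router or evaluate(rules, Flow("udp", 53)) == "allow"
    web_ok = evaluate(rules, Flow("tcp", 443 if scheme == "https" else 80)) == "allow"
    return dns_ok and web_ok

if __name__ == "__main__":
    for name, rules in (("posted", POSTED_RULES), ("extended", BROWSING_RULES)):
        for scheme in ("http", "https"):
            for proxy in (False, True):
                print(name, scheme, "dns-proxy" if proxy else "external-dns",
                      "OK" if can_browse(rules, scheme, proxy) else "fails")
```

The rules match on protocol and destination port only, so any program that uses TCP port 80 passes them, not just a browser.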