Stealthed TCP ports

[euston]

I am stealthing my hardware firewall. I need to know which destination ports for inmcoming traffic (apart from the well known ones that I have already made invisible)) I need to 'stealth'. Put it another way, I would like to know which destination ports I must NOT stealth in order to allow browser and FTP traffic originating from my system. There should be no services available to the Internet public.

My Internet usage context is browser use and web publishing uploads.

 

[angerdriven]

as long as you aren't running a server behind the firewall you most likely won't have to do a thing as it should be ready to go out of the box. you can test the stealth of it at grc.com.

 

[jimbopalmer]

there are mail systems which will test TCP port 113, if you mail acts funny you may need to unstealth it, but mostly it is fine to stealth them all. I tried to remain child-like, all I acheived was childish.

 

[compuveg]

On a hardware firewall, all ports should be 'stealthed', so to speak. Unless you specifically say to forward port# X to IP# A.B.C.D, the firewall should just drop any inbound packets that weren't requested. This is stealthing.

It depends on the make of the firewall, but generally all outbound (destination) ports are open by default. If this is not the case, you would want to open outbound port 80 for web requests, 443 for SSL requests, and 21 for FTP requests. The firewall should automatically open the port for the response.

With FTP, make sure you're using it in PASV mode, which is required behind a firewall. MSIE's got a setting in the advanced options for this, and most FTP clients have a setting for this, or autodetect the need for that setting.

 

[euston]

Thanks guys. I have since discovered the delights of stateful packet filtering which is the answer to my wants.

Regards,
Euston.

 

[Flipz]

Hey guys,

I recently got my dial-up changed with a good 128K cable connection but from 2 weeks some friends of mine and I are experiencing strange problems which at first annoying started to get really serious. The problem is the following:

Our cable modems are connected to the PCs through LAN (mine is from RealTech but I heard it happens to Intel's and 3Com's cards). The connection is going pretty well when suddenly the traffic stops, then in some time it resumes, but to resume it immediately one should click on Network Properties -> Repair (on WinXP Network). When I ran a ping on some site it is going well, then it returns 10 to 30 Request Timeout (no connection there) and then it resumes after the "Repair" trick. We thought that it was the ISP but it happens only to our Windows XP/ME/2000 so we thought it might be some issues with the operation system or drivers because some friends of mine on 98 or Linux are not experiencing this problem at all.

Could anyone tell me whether he knows what the problem might be because it is really really difficult to download something when you are not arround :-((

Thank you in advance for your help and I hope someone help us!

Svetlin