Title: Port forwarding
Post by: Tokas on Thursday 07 March 2013, 07:09:17 pm

I have the 2.3 version and don't understand something... I wanted to open one port so some program can access the internet... I was looking at DNAT to do that but I couldn't... I searched the internet but couldn't get it done... so I set a rule on 'outgoing traffic' and it worked... Now can you tell me, is that it? Must I configure something else? Is my network safe? I didn't have any contact with a hardware firewall, so I must ask these questions :D
Title: Re: Port forwarding
Post by: karlhenselin on Wednesday 15 May 2013, 09:30:46 pm

If you want to access something on the Internet, outgoing is the right one.
If you want to access something inside from outside, then you need DNAT.

Title: Re: Port forwarding
Post by: Syntax42 on Saturday 18 May 2013, 12:27:31 am

To clarify, an outgoing firewall prevents connections from being established from inside your network to the outside. This can be helpful in preventing malicious programs which use uncommon ports from sending information out, but can also prevent desired programs from connecting to the internet. The most practical application of the outgoing firewall is reducing the use of unauthorized programs on a corporate network, but this may not be effective because many programs are using common internet ports and protocols to bypass firewall restrictions.
Unless you have a server running inside your network, you should not forward ports. Doing so enables connections to be made from the outside directly to the computer the ports are forwarded to, at any time. If that computer has a service listening on that port, and that service has a vulnerability or bug, an attacker could potentially exploit that service to do harm to that computer or your entire network. Closing ports is considered an effective line of defense against attackers, which is why standard routers are suggested for use in every network, as a bare minimum.

If you opened a port on your outgoing firewall, that does not allow traffic to return to you on that port unless your computer established a connection with an outside computer first. Then, only that IP address can send data to you on that port, which doesn't create a significant risk. Typically, ports remain open for a short duration, and close after no communication is used on that port by your computer or the computer you are communicating with. I'm not sure of the exact time, but it seems to be around a minute.
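Added example (not part of the thread and not the firewall's own code): a small Python model of the difference described above between an outgoing rule, which only admits replies to a connection the inside host started, and a DNAT port forward, which admits unsolicited connections at any time. The Firewall class, its method names, the 60-second idle timeout and the assumption that NAT keeps the source port unchanged are all hypothetical simplifications.

```python
from dataclasses import dataclass, field

IDLE_TIMEOUT = 60  # seconds; assumed for this demo, real timeouts vary by protocol and firewall

@dataclass
class Firewall:
    outgoing_allowed: set = field(default_factory=set)  # remote ports LAN hosts may connect to
    dnat: dict = field(default_factory=dict)            # public port -> (lan_ip, lan_port)
    state: dict = field(default_factory=dict)           # tracked flow -> time last seen

    def outbound(self, now, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection to the internet."""
        if remote_port not in self.outgoing_allowed:
            return "DROP (outgoing rule)"
        self.state[(lan_ip, lan_port, remote_ip, remote_port)] = now
        return "ACCEPT"

    def inbound(self, now, remote_ip, remote_port, public_port):
        """A packet arrives from the internet at the firewall's public address."""
        # 1. Reply to a tracked flow: remote IP, remote port and local port must all match.
        for flow, seen in list(self.state.items()):
            lan_ip, lan_port, r_ip, r_port = flow
            if (r_ip, r_port, lan_port) != (remote_ip, remote_port, public_port):
                continue
            if now - seen <= IDLE_TIMEOUT:
                self.state[flow] = now  # traffic refreshes the idle timer
                return f"ACCEPT reply -> {lan_ip}:{lan_port}"
            del self.state[flow]  # idle too long, the state entry is gone
        # 2. Unsolicited packet: passes only if a port forward (DNAT) exists.
        if public_port in self.dnat:
            ip, port = self.dnat[public_port]
            return f"ACCEPT dnat -> {ip}:{port}"
        return "DROP (no state, no forward)"

def demo():
    # All addresses and ports below are constructed sample values.
    fw = Firewall(outgoing_allowed={6881})
    out = [fw.outbound(0, "192.168.0.10", 50000, "203.0.113.5", 6881)]
    out.append(fw.inbound(5, "203.0.113.5", 6881, 50000))     # reply from the same peer
    out.append(fw.inbound(6, "198.51.100.9", 6881, 50000))    # different IP, same port
    out.append(fw.inbound(200, "203.0.113.5", 6881, 50000))   # same peer after idle timeout
    fw.dnat[8080] = ("192.168.0.10", 80)                      # now add a port forward
    out.append(fw.inbound(300, "198.51.100.9", 40000, 8080))  # unsolicited, any time
    return out

if __name__ == "__main__":
    print("\n".join(demo()))
```

Only the last packet gets in without the inside host having connected out first, which is the exposure a port forward creates for whatever service listens on the forwarded port.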