
Firewall behind a firewall?

January 19, 2012 5:02:00 PM

After living with dial-up ever since Al Gore invented the internet, I FINALLY got broadband, through a WISP. I bought a Linksys E3000 and it works fine on my combined wired / wireless home LAN. All computers are Windows XP SP2. I had some questions that I would really love to have answered concerning network security. I have file and printer sharing turned on. When I ran the port scan service from GRC.com, it showed ports 21, 22, 23, and 80 as open. This concerned me, so I called my WISP and he assured me my system is safe. He said he needs certain ports open to service his equipment. He also said the equipment he installed (the antenna unit) has a built-in firewall. The E3000 has a firewall. Windows XP has a software firewall. So why do these ports show open? Should I be concerned?

My other questions are, where exactly does the internet connection IP come from? Is there a way to ping the individual computers' IP addresses that are on my LAN from outside the LAN? Is there a way to test or confirm the security of my LAN from internet threats? I have the E3000 configured to NOT return a ping, so why am I able to ping the internet connection IP?

Thanks for any help.


January 19, 2012 5:16:46 PM

Your open ports are commonly used for:

21: FTP
22: SSH
23: telnet
80: HTTP

If you know your WAN address, you can always try accessing those ports from outside your network. Go into your browser and put in:

http://<WAN IP ADDRESS>/

and see if anything is actually listening on port 80. You can also open a command prompt on a remote computer and type in:

telnet <WAN_IP_ADDRESS>

and see if anything is listening on port 23. Try similar stuff with the other ports. I'm not sure why port 20 isn't open as that is also needed for FTP.
January 19, 2012 5:48:27 PM

Hawkeye22 said:
I'm not sure why port 20 isn't open as that is also needed for FTP.


So they HAVE to be open? I'm confused because when I do the same thing with my work LAN, which is Comcast with a Motorola cable modem/router, *ALL* ports show "stealth." Why is that?

I forgot to mention. I did what you suggested and was unable to connect by typing my WAN IP into my browser. From the command prompt, I got: "could not open connection on port 23, connect failed."
January 19, 2012 6:34:36 PM

No, they don't have to be open unless your WISP requires it to be. I just said they are open because you said GRC.com reported them open. The suggestions I listed earlier were just to see if there are any actual applications listening on those ports, and according to your test there don't appear to be any.

At work, they are showing up as stealth because the firewall you have at work is blocking or dropping data packets to those ports.

I can possibly see your WISP requiring port 22 (SSH) open. I don't see why he needs the other ports open, especially since it doesn't appear he has any software listening on those ports. Since there is nothing listening on those ports, I don't think it's a cause for concern. If you feel strongly about it, you can always go into your router and block those ports.
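The check discussed in this thread, written out as an added example (it is not part of any poster's reply): a TCP connect test against the four ports GRC reported, sorting each into open (something accepted the connection), closed (the connection was refused) or stealth (no answer at all, as when a firewall drops the packets). The names `classify`, `probe` and `scan` are made up for this example, and it only tells you something about your firewall when run from a computer outside your LAN against your own WAN address.

```python
import errno
import socket

# The four ports the GRC scan in this thread reported as open.
REPORTED_PORTS = {21: "FTP", 22: "SSH", 23: "telnet", 80: "HTTP"}


def classify(error):
    """Map the outcome of one TCP connect attempt to a GRC-style state."""
    if error is None:
        return "open"          # handshake completed: a program is listening
    if isinstance(error, ConnectionRefusedError):
        return "closed"        # host answered with a reset: nothing listening
    if isinstance(error, (socket.timeout, TimeoutError)):
        return "stealth"       # no reply at all: packets were dropped
    if isinstance(error, OSError) and error.errno in (
        errno.EHOSTUNREACH, errno.ENETUNREACH
    ):
        return "unreachable"   # a router on the path reported no route
    return "error"             # anything else, e.g. a name lookup failure


def probe(host, port, timeout=3.0):
    """Try one TCP connection and return its state."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def scan(host, ports=REPORTED_PORTS, timeout=3.0):
    """Probe each port in turn and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    import sys
    # Pass your own WAN address; loopback is only a harmless default.
    wan_ip = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, state in scan(wan_ip).items():
        print(f"{port:>3} ({REPORTED_PORTS[port]}): {state}")
```
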
January 19, 2012 6:52:02 PM

Hawkeye22 said:
If you feel strongly about it, you can always go into your router and block those ports.



I'm at work now so I can't do anything until I get home. I assumed my firewall would block ALL ports, otherwise, what's the point?
January 19, 2012 6:58:24 PM

If the firewall blocked all ports, how would you get your email or view web pages or share files and printers, or play online games? Some ports must be open; the direction, inbound or outbound, is another thing.
January 19, 2012 8:15:20 PM

Hawkeye22 said:
If the firewall blocked all ports, how would you get your email or view web pages or share files and printers, or play online games? Some ports must be open; the direction, inbound or outbound, is another thing.


Sorry, I assumed you would know what I meant, which was the firewall should close all ports to all inbound packets that were not initiated by my end, which according to the port scan done by GRC, is NOT the case.
January 20, 2012 11:19:31 AM

Depending on the firewall, some default ports are left open, especially if there is a common program that uses that port. Your WISP may have also configured it that way for a reason. Anyhow, you can always go into the router and close those ports.
January 21, 2012 12:42:03 AM

Hawkeye22 said:
Depending on the firewall, some default ports are left open, especially if there is a common program that uses that port. Your WISP may have also configured it that way for a reason. Anyhow, you can always go into the router and close those ports.


I don't understand. If my firewall is working, how can my WISP open and close the ports to my computer?
January 23, 2012 10:56:04 AM

iliya1 said:
When I ran the port scan service from GRC.com, it showed ports 21, 22, 23, and 80 as open. This concerned me, so I called my WISP and he assured me my system is safe. He said he needs certain ports open to service his equipment. He also said the equipment he installed (the antenna unit) has a built-in firewall.


If they set up your router/antenna they can change the remote admin user name and password. That is all you need to configure the router. You even said he left certain ports open to service his equipment.