Announcement

Collapse
No announcement yet.

[resolved] How can I tell if I have a firewall up and running?

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #16
    Re: [resolved] How can I tell if I have a firewall up and running?

    Here's what is great to see:


    GRC Port Authority Report created on UTC: 2011-06-12 at 16:31:17

    Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
    1056 Ports Stealth
    ---------------------
    1056 Ports Tested

    ALL PORTS tested were found to be: STEALTH.

    TruStealth: PASSED - ALL tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.

    UFW not installed here -- just default Debian Sid. But I have gone through all the settings options on my TrendNET router and tried to make it as tight as possible.

    You might want to look into the advanced settings for your router -- disable "DMZ", disable "WAN ping respond", and stuff like that.

    Comment


      #17
      Re: [resolved] How can I tell if I have a firewall up and running?

      Originally posted by charles052
      Well, I just enabled my firewall and I also got a firewall through my router/modem. I just did a ShieldsUP scan and I've got three ports that aren't stealthed. Anyway to stealth these last three?
      If you have a NAT router with firewall enabled between your laptop and the internet, shieldsup is probing your router's firewall and none of the traffic generated by shieldsup is getting to your laptop or it's firewall (unless you have set up some port forwarding on your router to forward the traffic to your LAN network or DMZ).

      So you have to check your router configuration to stealth the three ports reported as closed. And if you wish to test your laptop's firewall you'll have to take out your router (and it's firewall) out of the equation, like plugging your laptop directly into your modem (if it is a separate device).

      Ports found to be CLOSED were: 20, 21, 500
      20/21 are ftp ports and 500 is used by IPSEC (do you have ipsec passthrough enabled on your router?).

      Not sure if I should even worry about it since all ports were closed.
      Not really, a result of closed means shieldsup got a response of "no service here" (REJECT) when it probed the port instead of the firewall dropping the request with no response (DROP). But it is usually educational to find out why the firewall didn't drop the packet.

      Comment

      Working...
      X