[Resolved] PrivateFirewall and Internet sharing (ICS)

Discussion in 'other firewalls' started by rsmamoru, Jun 26, 2013.

Thread Status:
Not open for further replies.
  1. rsmamoru

    rsmamoru Registered Member

    Jun 26, 2013
    It seems that these two threads have the same problem:
    http://www.wilderssecurity.com/showthread.php?t=325250&highlight=privatefirewall sharing
    http://www.wilderssecurity.com/showthread.php?t=329483&highlight=privatefirewall sharing
    PrivateFirewall is blocking the ICS.
    But I can't add my reply there, because those threads are too old.

    I did some experiments with the rules.
    Yes, it is true, the key is in the System services in the Applications section.
    The easiest way is to put it in "Allow Traffic" mode, but we are worried about security holes :doubt:

    This is what I've done to the rules:
    1. Allow all incoming ICMP requests
    2. Allow all outgoing ports
    3. Allow some incoming ports
    This is just my opinion. We are free to use any door when we are going out, but we have to be selective about what comes in. I hope an expert can explain this.

    Allow all incoming ICMP requests
    Double-click System services, double-click Incoming ICMP messages, click Details..., check all the checkboxes that end with the word "Request".
    Actually, I don't know about them, except that "Echo Request" is required for pinging. So maybe the other requests are also required for other functions.

    Allow all outgoing ports
    Add new rules:
    • All TCP Out, outgoing, TCP, any to any
    • All UDP Out, outgoing, UDP, any to any

    Allow some incoming ports
    Add new rules:
    • HTTP TCP In, incoming, TCP, 80 to any
    • HTTP UDP In, incoming, UDP, 80 to any
    • HTTPS TCP In, incoming, TCP, 443 to any
    • HTTPS UDP In, incoming, UDP, 443 to any
    Enable those rules for the security level you want.
    Now we can surf the internet from the ICS clients.

    Additional: Allow torrent ports
    Torrent clients use some special ports. For example, I use µTorrent (I translate it into Indonesian :-*). This application uses a UPnP port and a NAT-PMP port.
    So I add those ports to the rules:
    • UPnP In, incoming, UDP, 1900 to any (already available)
    • UPnP In, incoming, TCP, 2869 to any
    • NAT-PMP In, incoming, UDP, 5351 to any

    If you need other connections, such as SMTP, POP3, IMAP or FTP, then you have to add their ports.

    That's all we need to safely allow connections to the ICS clients in "Filter traffic" mode :)

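As an added illustration, not the poster's own configuration and not PrivateFirewall code, here is a small Python model of the rule set described in the post above, used to check which flows it admits in "Filter traffic" mode. It assumes that a rule written as "80 to any" matches remote (source) port 80 to any local port, which is how a filter without connection tracking lets NAT reply traffic back in to ICS clients; PrivateFirewall's actual rule fields may differ. The ICMP request types are the standard ones, and the sample flows at the bottom are constructed.

```python
# Added example, not from the post or from PrivateFirewall: a model of the
# rule set described above, used to check which flows it admits.
# Assumption: a rule written as "80 to any" matches remote (source) port 80
# and any local port. PrivateFirewall's real matching fields may differ.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str                      # "in" or "out"
    proto: str                          # "tcp", "udp" or "icmp"
    remote_port: Optional[int] = None   # None = any
    local_port: Optional[int] = None    # None = any
    icmp_type: Optional[str] = None     # used only when proto == "icmp"


@dataclass(frozen=True)
class Flow:
    """One packet/flow to test against the rules (same fields as Rule, no name)."""
    direction: str
    proto: str
    remote_port: Optional[int] = None
    local_port: Optional[int] = None
    icmp_type: Optional[str] = None


# Standard ICMP "request" types; the post ticks every entry ending in "Request".
ICMP_REQUESTS = ("echo-request", "timestamp-request",
                 "information-request", "address-mask-request")

# Transcription of the rules in the post: direction, protocol and port as stated.
RULES: List[Rule] = [Rule(f"ICMP {t} In", "in", "icmp", icmp_type=t) for t in ICMP_REQUESTS] + [
    Rule("All TCP Out", "out", "tcp"),
    Rule("All UDP Out", "out", "udp"),
    Rule("HTTP TCP In", "in", "tcp", remote_port=80),
    Rule("HTTP UDP In", "in", "udp", remote_port=80),
    Rule("HTTPS TCP In", "in", "tcp", remote_port=443),
    Rule("HTTPS UDP In", "in", "udp", remote_port=443),
    Rule("UPnP In", "in", "udp", remote_port=1900),
    Rule("UPnP In", "in", "tcp", remote_port=2869),
    Rule("NAT-PMP In", "in", "udp", remote_port=5351),
]


def _port_ok(rule_port: Optional[int], flow_port: Optional[int]) -> bool:
    return rule_port is None or rule_port == flow_port


def matching_rule(flow: Flow, rules: List[Rule] = RULES) -> Optional[Rule]:
    """First rule matching the flow; None means "Filter traffic" mode blocks it."""
    for r in rules:
        if r.direction != flow.direction or r.proto != flow.proto:
            continue
        if r.proto == "icmp":
            if r.icmp_type == flow.icmp_type:
                return r
            continue
        if _port_ok(r.remote_port, flow.remote_port) and _port_ok(r.local_port, flow.local_port):
            return r
    return None


def is_allowed(flow: Flow, rules: List[Rule] = RULES) -> bool:
    return matching_rule(flow, rules) is not None


def exposed_local_ports(rules: List[Rule] = RULES,
                        candidates: Tuple[int, ...] = (22, 25, 135, 139, 445, 3389)
                        ) -> List[Tuple[str, int]]:
    """Local ports an outsider can reach with an unsolicited inbound packet.

    The inbound rules match on remote port only, so the probe simply uses one
    of the permitted ports (80, 443, ...) as its own source port."""
    source_ports = sorted({r.remote_port for r in rules
                           if r.direction == "in" and r.remote_port is not None})
    exposed = []
    for proto in ("tcp", "udp"):
        for port in candidates:
            if any(is_allowed(Flow("in", proto, remote_port=sp, local_port=port), rules)
                   for sp in source_ports):
                exposed.append((proto, port))
    return exposed


if __name__ == "__main__":
    # Constructed sample flows.
    samples = [
        ("ICS client browsing, outbound SYN", Flow("out", "tcp", remote_port=443, local_port=50000)),
        ("web server reply to that client", Flow("in", "tcp", remote_port=443, local_port=50000)),
        ("ping from the LAN", Flow("in", "icmp", icmp_type="echo-request")),
        ("unsolicited SMTP connect", Flow("in", "tcp", remote_port=51234, local_port=25)),
        ("same, but source port 80 chosen", Flow("in", "tcp", remote_port=80, local_port=25)),
    ]
    for label, flow in samples:
        r = matching_rule(flow)
        print(f"{label:36s} -> {'ALLOW by ' + r.name if r else 'BLOCK'}")
    print("reachable with a chosen source port:", exposed_local_ports())
```

Under that reading the check shows the trade-off: the same rules that let web replies reach the ICS clients also admit any unsolicited packet whose source port is 80, 443 or one of the torrent ports, whatever local port it targets (tools such as nmap's --source-port option choose it deliberately), so the exposure is every service listening on the ICS host rather than just ports 80 and 443. A firewall that tracks connection state for the NAT'd flows does not need source-port rules for the replies at all.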