Help with Firewall Rules needed

Discussion in 'other software & services' started by beethoven, Jan 13, 2008.

Thread Status:
Not open for further replies.
  1. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    I set up a new storage hub from Netgear http://www.netgear.com/Products/Storage/NetworkStorage/SC101T.aspx for backup purposes. The relevant PCs all run XP and run two programs. The main program is Z-Sanservice.exe, which connects the relevant PC with the storage hub. A second program provides for synch/backup.

    My firewall (OP4) is having issues with Z-Sanservice.exe, constantly popping up alerts, and I don't know enough to answer them. Normally the rules are created automatically. Can someone with more insight please help?
    The requests are for inbound connections via UDP 4962 from the storage device to my local IP address. Once I allow this, an outbound request comes up for udp:20001 to 255.255.255.255; once I allow this, an inbound request follows for UDP 4963 to my local IP from the storage centre, then another inbound UDP 4996, and it keeps going on and on. I could give a blanket permit to allow all for this application but don't know if this would leave me wide open. I don't know what else to do to continue working. It seems the number of ports is endless.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    The broadcast 255.255.255.255 is for a single IP address, so you should be OK.
    Still, I suggest you make manual rules: one allowing inbound UDP from the storage IP to your local IP on the needed range of ports, and another allowing outbound UDP from your local IP to the storage IP. Restrict to a single (local) IP and, if you use DHCP, to a local range.

    I don't use outpost, but the rules would be something like:

    Storage to local ip:
    allow, inbound, udp, source xxx.xxx.xxx.xxx, port a-b, dest xxx.xxx.xxx.xxx, port c-d, for program.exe

    And vice versa:
    allow, inbound, udp, source xxx.xxx.xxx.xxx, port a-b, dest xxx.xxx.xxx.xxx, port c-d, for program.exe

    Replace relevant ips, ranges, ports and program names.

    I have something similar in my home network, with a different firewall, but it works well.

    Mrk
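To make the difference between Mrk's scoped rules and beethoven's "blanket permit" concrete, here is an added Python model of both policies evaluated against the prompt sequence described in the thread. It is example code, not anything from Outpost or Netgear; the addresses, the local port numbers and the outside address are constructed placeholders, since the thread gives none.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses: the thread gives none, so these are placeholders.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")   # the local DHCP range
STORAGE_IP = ipaddress.ip_address("192.168.1.50")     # the SC101T storage hub
BROADCAST = ipaddress.ip_address("255.255.255.255")

@dataclass(frozen=True)
class Event:
    direction: str      # "in" or "out", as shown in the firewall prompt
    proto: str
    remote_ip: str
    remote_port: int
    local_ip: str
    local_port: int
    program: str

def allowed(ev: Event) -> bool:
    """Scoped rule set in the spirit of Mrk's advice; everything else is denied."""
    if ev.program != "Z-Sanservice.exe" or ev.proto != "udp":
        return False
    local = ipaddress.ip_address(ev.local_ip)
    remote = ipaddress.ip_address(ev.remote_ip)
    if local not in LOCAL_NET:
        return False
    # Storage <-> local PC, any UDP port, either direction
    if remote == STORAGE_IP:
        return True
    # Outbound discovery broadcast, but only on the port seen in the prompts
    if ev.direction == "out" and remote == BROADCAST and ev.remote_port == 20001:
        return True
    return False

def blanket_allowed(ev: Event) -> bool:
    """The 'allow all for this application' alternative beethoven considered."""
    return ev.program == "Z-Sanservice.exe"

# Constructed events mirroring the prompt sequence in the first post
OBSERVED = [
    Event("in", "udp", "192.168.1.50", 4962, "192.168.1.20", 4962, "Z-Sanservice.exe"),
    Event("out", "udp", "255.255.255.255", 20001, "192.168.1.20", 20001, "Z-Sanservice.exe"),
    Event("in", "udp", "192.168.1.50", 4963, "192.168.1.20", 4963, "Z-Sanservice.exe"),
    Event("in", "udp", "192.168.1.50", 4996, "192.168.1.20", 3064, "Z-Sanservice.exe"),
]
# Constructed: same program and port, but from an address outside the LAN
FOREIGN = Event("in", "udp", "203.0.113.9", 4962, "192.168.1.20", 4962, "Z-Sanservice.exe")
```

Every prompt in the thread passes `allowed()` regardless of which port comes next, while the outside packet passes only `blanket_allowed()`, which is the exposure the per-application blanket rule would create.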
     
  3. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Mrk,

    After your last response I did not have to do anything, as Outpost suddenly stopped asking me. It seems the "learning" curve for custom rules had ended, so I left it at that.
    The other day some of the internal IPs on our network shifted, and all of a sudden I am going again through this seemingly endless sequence of requests for one UDP port after the other.

    Looking at your suggestion, I would like to set a parameter, and the only relevant one (to replace the current constant queries from Outpost) would be from my local address to the remote address where the protocol is UDP and the local port is ? You suggest a range a-b; how do I know which ports are relevant for this program? At the moment I have already gone from 2992 to 3064 and previously had to allow some ports in lower ranges. For all I know this silly game might continue to port 4000 or 5000 or whatever; then again, I don't know enough. There might be ports I should not open for security reasons? Any suggestions re the port range?
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    Broadcast should be on lower ports, but then set up for every port ...
    Mrk
     