Inbound / Outbound Firewall Rule Confusion

Hi Guys,

I've got myself a server that I've configured with a static IP address of 192.168.0.11 as you can see from the picture below.

The thing is, I'm not 100% confident in the inbound and outbound firewall rules that I've set within my router. I want to basically allow uTorrent and HTTP traffic but have this limited to the server with the address specified above. Do I require both inbound and outbound? Secondly, is the configuration that I've set up in the table below correct?

eohZkTU.jpg

I've also got myself a new VPN server that I want to implement. I'll soon want to add this to the firewall rules to three different machines on the network. I know I'll need to specify the three machines but once again, I'm not confident in whether I'll require both inbound and outbound or just one of the two.

Any help would be much appreciated. Networking is still something I'm getting myself used to.

Thanks guys!
 
You shouldn't need to have any outbound rules, unless you're using some sort of Cisco device with access lists.

I'm a bit confused by the inbound rules; it looks to me (I could be wrong) like you are allowing all ports to 192.168.0.11 in the WAN users section.

What router is it? If I port forward in on my Netgear router, it's what ports I want forwarding to an IP, nice and simple. That looks very confusing.

Thanks for the heads up man. I'll begin removing the outbound rules.

Unfortunately, I'm using this piece of crap (Sagemcom F@ST2504n) that Sky provided me. It's awfully limited with what you can do. It's that bad, you can't even rename the devices connected to your network to give you an idea of what's exactly connected.

I want to use the WebUI uTorrent service on my server and this is the reason I've wanted to add firewall rules for my specific machine. I hope I'm doing it right? Do I specify the one machine that I'm interested in? That being the server. And one more thing before I forget. When it comes to adding a specific port for my new VPN service, I intend on using it on three machines that have a static IP in between 192.168.0-5 to 15. For that, do I just add the range like I've done for the HTTP (80) outbound rule?
 
Thanks for the link, I'll be sure to read through it and hopefully get myself sorted.

Believe me, you're not missing anything. I've been considering buying myself a Netgear ADSL/Router combo so I can get myself DD-WRT and have a lot more features and possibilities. The interface is shockingly bad on the Sagemcom.

About the VPN, I recently paid for its service that I'd like to run on the girlfriend's desktop, my own PC and my server. The VPN will allow me to use its service on three machines so I've got that covered. Now rather than enabling a random port each time, I'd much rather specify a particular port. Does it make any odds if I have it enabled to a random port each time?

As you can see from the screenshot above, I've added the port 33200 but it seems to me that I can only allocate one specific LAN IP. In the instance above, I'm specifying my server. Would I need to add two more ports and assign them to both the girlfriend's and my own PC IPs?

I hope this all makes sense and I appreciate the helping hand you're giving me! Thanks again mate! :)
 
Now IDEALLY, I'd like to have created a VPN connection using Windows, without having to rely on the software provided by the VPN for my own peace of mind and to help keep my server as lightweight as possible, but from what I can see, Mullvad does not specify the URL for their servers. Does this mean I've no other choice but to use the software provided?

Thanks again quackers, you really have been great!
 
Thanks for the heads up. As it stands, I'm intending on using the service to protect my privacy. All this news about the NSA in recent weeks has got me placing my tinfoil hat back firmly on my head.

I'm guessing it's not too big a concern having it set up as a random port for each client that it runs on then? I can't imagine it is. I usually just like having everything logged within the router so I can keep an eye on what ports I have both open and closed.
 
Thanks for the help last night quackers.

I ended up deleting all outbound firewall rules that you can see from the screenshot above. With regards to the VPN, if there isn't any issue keeping the ports set to random, I'll just stick with that.

Tor is a fantastic service but I don't need complete anonymity like some people do.
 
Thanks for the heads up! Would I be required to add a separate port for each machine since I can only specify one LAN IP at a time? Or should I just go ahead and keep it set to a random port for each?
 