How to open ports and troubleshoot Windows Firewall?
Monday, 06 April 2009 14:45 | 
Firewall is a piece of software protecting your computer against intruders and unauthorised access from network. Windows XP comes with internal system firewall. It is obviously not the best solution, however it provides some basic protection utilities. In this tutorial I will show you how to open ports and troubleshoot network connections if suspected firewall misconfiguration.
Your system's firewall should remain 'ON' as default but sometimes it is forced to turn off during software installation or updating. In such case we need to manually check if it is on or off. In systems with installed Service Pack 2 and above, status is monitored all the time by Security Center and in case if system detects Windows Firewall turned off, relevant system message will pop up in your task bar.
You can access your firewall through Control Panel (Start>Control Panel) and click on Windows Firewall. Relevant window should pop up on your screen:
 |
| Pic. 01. |
 |
| Pic. 02. |
On this tab you can manually add, edit or remove exceptions. If you want to add a program just click Add Program... button:
 |
| Pic. 03. |
You can select a program from your list or click Browse to search if not listed. Next you can specify computers or networks for which this program is unblocked. As default, program can be accessible for all computers including those on the Internet, however you can adjust security by secifying from what IP addresses or networks it can be accessible. By clicking Change scope... you can tick other options such as:
- My network (subnet) only: in such case only computers belonging to your network will have an access to the program. For example if your IP address is 192.168.1.102 and your network address is 192.168.1.0/255.255.255.0 only computers from IP range from 192.168.1.1 to 192.168.1.254 will have an access.
- Custom list: you can manually specify IP addresses of computers or networks allowed.
You may also require to open ports for particular applications or services. You may find some pre-configured options such as FTP (port 21) or Telnet (port 23) which is enough to tick or untick and confirm, however you may also need to add some ports manually. Just click on Add Port... button:
 |
| Pic. 04. |
Input name for Exception and port number than tick relevant protocol. By clicking Change scope... button, similarly like unblocking programs, you may adjust security by allowing connections from particular computers or networks. Confirm by clicking OK.
Depending of the type of network you are connected to, you may require more or less restrictive firewall's settings. For example: connected to your LAN network at work, you will require to have an access and allow access to various of services such as FTP, Telnet or Remote Desktop. Remaining the same ports open while connected to public network will make your computer easy target for potential intruders.
Windows Firewall allows you to set up different rules for different network connections. Just switch to Advanced tab:
 |
| Pic. 05. |
Chose network connection you wish to configure and click Settings... .
 |
| Pic. 06. |
As shown on picture above, there is many pre-configured ports. All you need to do before ticking relevant port is to input IP address, FQDN or NetBIOS name of computer hosting this service on your network. You can also add another exception by clicking Add... button.
How to troubleshoot firewall settings?
1. Make sure that Windows Firewall is ON and activated on troubleshooted network connection (see Pic. 01 and Pic. 05).
2. Check if opened ports are in listening or established state.
Go to Command Prompt and issue command:
netstat -a -n
You should see output similar to this one:
 |
| Pic. 07. |
Last Updated ( Tuesday, 07 April 2009 15:35 )
Comments