How do i open and close ports, but most importantly, open them? I need to open certain ports to allow a game to autopatch, but i dont know how. I'm using a Cable Modem, no router. I need to open ports 21, 80, 4500, and 6900.

Check the manual for your cable modem.

There wasnt a manual :( just come with a double sided page reference guide of trobleshooting connection, and how to set it up :confused:

You have a cable modem and NO router? When you go to sleep at night, do you leave the doors open and the lights on with a big sign that says please rob me?

Go and get a router. GO NOW! Do not pass GO do not collect $200.00. In addition, you should also get a software firewall.

Once you get the router, you can open and or close ports pretty much at will.

If you have no firewall you have ALL ports wide open.
:eek:

Why do i need a router? Also, after running a port scan and netstat -a, it showed the ports i needed weren't open. Is there no comman i can type in to open ports?

First and foremost, what is your operating system?
If you are running XP, you might have the XP firewall enabled. If enabled, configure that to open/close ports.

You really don't need a router to be protected. A freeware firewall is more than enough. If you have no firewall installed, it is highly suggested that you get one.

Finally, head to http://grc.com/default.htm and click on the ShieldsUP! link and proceed. You can test for open, closed and stealth ports.

IM running XP. How do i configure the XP firewall to open and close ports?

You first need to know if you have the XP firewall enabled. :D

This is how I would check on my computer. It may differ with yours.
Control Panel > Network and Internet Connections > Network Connections > Right click on "Local Area Connection" and click Properties.
Then click the Advanced tab. Then you'll know if XP firewall is enabled.

If it is enabled, just click the Settings at the bottom. The rest is pretty easy to figure out.

If it is NOT enabled, and you know no firewall is enabled, then the ports you wish opened are already opened.
To verify, visit that link that I posted above and follow through.

Routers are inexpensive and provide much greater protection than just using a software firewall. Since so many of these worms/trojans/malware programs disable anti-virus software and software firewalls it is imperative to have BOTH a hardware and software firewall. With my little linksys router, nobody even knows I'm out there. It's cheap safety and well worth while.

classicsoftware,

I was going to leave will enough alone, but felt some explanations are in order.

Isn't a router for incoming packets? As far as I know, routers are configured to allow incoming ports, not outgoing.

If the software firewall is defeated by a Trojan/virus, doesn't that negate the router? Where is the anti-virus that is suppose to stop this Trojan/virus that can disable the software firewall?

Are you saying those without routers are more vulnerable that those with routers? You work for Linksys?

I'm not about to run out and tell my friends who have single computers and on dialup that they need a router else they want Trojan/virus invading their systems. If you feel the need to do this, more power to you. I honestly feel that a anti-virus and software firewall is more than adequate for the average user.

There is a difference between common sense security and overboard paranoia. Why connect to the Internet at all since it's a huge threat?

Do people with dial up need a router, NO! but if you read the original post,
How do i open and close ports, but most importantly, open them? I need to open certain ports to allow a game to autopatch, but i dont know
how. I'm using a Cable Modem, no router. I need to open ports 21, 80,4500, and 6900.

you will see I was replying to the request for information by the original poster.

I stand by my statement. If you have a broadband connection, it would be foolish, in my opinion, not to invest the $50.00 in a router. I like the fact that my ports are invisible to the outside world.

This whole conversation is based on the original poster request to control ports on his broad band connection for game playing.

And no, I don't work for Linksys. I have installed dozens of them. They are easy to install, work flawlessly and they have great tech support.

Originally posted by classicsoftware
I like the fact that my ports are invisible to the outside world.
Freeware or bought software firewalls do the exact same thing.

Telling someone to get a router along with software firewall is kind of redundant regardless of Internet connection.

The main purpose of routers is to connect a home network. Anything beyond that is a bonus.

If someone asked you if they either needed a router or a software firewall, what would you tell them regardless of their Internet connection? A freeware software firewall or $50+ router in addition to a network card (if no LAN on the motherboard) plus cables.
You know my choice. :)

Do you also realize that most broadband modems can act as a incoming firewall, right? Pretty sure mine does.

Originally posted by John0904
Do you also realize that most broadband modems can act as a incoming firewall, right? Pretty sure mine does.

And since supershenlon needs to open ports for gaming, this is also quite clearly the case in this instance. It's also the case for my DSL modem, and I had similar trouble playing Americas Army when I got broadband.

supershenlon, to find out how to open ports, you need to get the manual for your modem from the manufacturers website, and that should tell you how to do it.

To digress from the main topic..
A router is needed if you have multiple computers sharing an internet connection the reason is, that's what it is built to do and is simpler for the average user than setting up ICS or a proxy. Extra security is a n added benefit.

The term "modem" for DSL and cable connections is misleading, because many of them have the same features as a router. A router routes packets based on IP addresses, the ones commonly used for home pc's also do NAT and some have a rules based firewall built in.

To protect yourself from malicious attacks does NOT require the use of a router. A simple firewall and AV is usually more than enough security, if you also set up your browser security correctly and do basic windows permission securities. For the average user who leaves themselves wide open, you should also use a spy ware tool. The reason why people get infected is because they open themselves up to getting attacked by lax security and ignorance of the methods of attack. Windows 2k and XP have the built in capability to produce a excellent firewall, that no one uses, and it's free.

Classic I think your confusing hardware firewall with NAT. NAT is a HUGE security feature built into most routers but, it is not a true "Firewall." A firewall does two things; it allows or denies packets flowing through it. NAT simply hides the internal IP addresses from the external network (Inet) and this protection does not come with a software firewall.


SUPERSHENLON
John0904 is right, check out the XP firewall. Next, you need to look online and find your modem guide as Pave_Spectre said.
A lot of great info available for you here. Link (http://www.cable-modems.org/)

This is good prep for my Net+ exam coming up : )
Someone needs to ask some Netware questions...

Variable

Get a cable or DSL connection and go to GRC.COm it will probe your ports and give you a report. Hook up a Linksys router and repeat the test. You will clearly see the difference, I have. I use a router and a software firewall. When I install a software firewall on a dial-up connection, there are always incoming requests from people scanning for IP address and ports. With my router, Zone Alarm never shows me an incoming request to block as NOBODY knows i'm out there as my ports ar invisible.

Originally posted by classicsoftware
When I install a software firewall on a dial-up connection, there are always incoming requests from people scanning for IP address and ports.

And did they ever get through?

With my router, Zone Alarm never shows me an incoming request to block as NOBODY knows i'm out there as my ports ar invisible.

Those requests are still there. Suddenly having a different device doesn't make them go away. It just shifts the location of where they are being detected and logged.

Originally posted by pave_spectre


And did they ever get through? Yes, had a client with software firewall, got a virus that disbaled the AV and the firewall and then got the blaster worm. It would not have happened if he had a router.



Those requests are still there. Suddenly having a different device doesn't make them go away. It just shifts the location of where they are being detected and logged.

NO. There are no requests sent. The ports are invisible. No port scanner knows I am out there. They are not being blocked and logged by the router. They bounce off. Sort of like the Stealth Fighter the radar pings for it, it just does not show up. That's why GRC calls the ports stealth. Go to the GRC site read what they say. Take the test.

I stand by my original recomemndations. For maximum security, if you have a broadband connection, you should have three things:

1) A fully up to date AV program

2) A fully up to date Software firewall

3) A hardware router that hides all of your ports from the rest of the world.

Here is a short tutorial from M$ explaining how to open ports if you're using the firewall in XP.

http://www.microsoft.com/security/protect/ports.asp

Hope it helps a little...:)

Originally posted by classicsoftware
Take the test.
That I just did.
My router log from GRC site...
Sunday, June 20, 2004 5:59:02 AM 732076 Unrecognized access from 204.1.226.228:58936 to TCP port 0
Sunday, June 20, 2004 5:59:01 AM 732071 Unrecognized access from 204.1.226.228:58936 to TCP port 25
Sunday, June 20, 2004 5:59:01 AM 732071 Unrecognized access from 204.1.226.228:58936 to TCP port 23
Sunday, June 20, 2004 5:59:01 AM 732071 Unrecognized access from 204.1.226.228:58936 to TCP port 22
Sunday, June 20, 2004 5:59:01 AM 732071 Unrecognized access from 204.1.226.228:58936 to TCP port 21
Sunday, June 20, 2004 5:59:01 AM 732071 Unrecognized access from 204.1.226.228:58936 to TCP port 0
Sunday, June 20, 2004 5:59:01 AM 732071 Unrecognized access from 204.1.226.228:58936 to TCP port 0
Sunday, June 20, 2004 5:59:01 AM 732071 Unrecognized access from 204.1.226.228:58936 to TCP port 5000
Sunday, June 20, 2004 5:59:01 AM 732071 Unrecognized access from 204.1.226.228:58936 to TCP port 1720
Sunday, June 20, 2004 5:59:01 AM 732071 Unrecognized access from 204.1.226.228:58936 to TCP port 1030
As seen, my router blocked the requests.
Without a router, the software firewall would have blocked those same requests!
What is the baseline difference? Nothing. The requests either way would have been blocked. Redundant? I think so.
That is to say someone with a router doesn't need a software firewall as some would think. Quite to the contrary. A software firewall can actually prevent programs connecting to the Internet whereas a router can not do that.

So to cap off...
If someone with any sort of router... You need a software firewall.
Those with any sort of software firewall... You don't necessarily need a router.

supershenlon,
What game are you trying to open ports for?

What the test with a software firewall would show is the Ports are there but NOT open and there is a difference. They don't show up as stealth. If they are visible, but blcoked, then the rest of the world know there out there and they can be hacked if someone wants to....

Is it redundant, sure. That's why some people lock there doors before they put on the burgular alarm. Redundant, sure. Are you saying you can have too much security.....

Originally posted by classicsoftware
What the test with a software firewall would show is the Ports are there but NOT open and there is a difference. They don't show up as stealth.

Wrong.

My software firewall shows exactly the same thing as John0904s router, that all ports are 'stealthed'.

Are you saying you can have too much security.....
Yes.

You guy's are obviously free to do as you see fit and so am I. I feel since programs can get buy that will inactivatre anti-virus and software firewalls it is till prudent to have a router. It is good peace of mind for very little cost and no performance issues.

We can debate this all day. I'm glad your ports are stealthed as oppsoed to closed but visible. I'll stick with my router and software firewall and you stick with software firewall....

have a great day guys...

I would have to agree with Classic in that is more prudent to have both a NAT capable router, and a software firewall, for a permanent connection to the web.

The purpose of a router is to route inbound / outbound packets of data. Which can be filtered / redirected. NAT is IP redirection. It's main purpose is to connect multiple internal computers to the internet via a single IP address. A big side benefit is the security you get by hiding your computer completely from the web. IP Scans etc just bounce off the hardened router firmware / OS.
As such, they are not really needed by dialup users who are can suffice with a decent software firewall, and who only connect intermittently. However, if a dialup user is connected a lot, like during business hours every day, then they should really splash out and get a hardware router for the additional protection. It can also greatly increasethe effective traffic throughput of your web connection as it's optimised for TCP routing.

Most software firewalls have flaws (www.securityfocus.com) that can be exploited / disabled / incorrectly configured. XP's Internet Connection Firewall is crap - it only filters inbound but not outbound traffic. No application layer firewall. XP Sp2 is addressing this later this year.
NAT is an IP Addressing technique that is extremely difficult to overcome, and hides your internal computer(s) from the web. A lot of the more decent ones will also do PAT (Port Address Translation).

If you are using a software firewall, then get one like ZoneAlarm, Tiny PErsonal Firewall, or Kerio Personal Firewall that provide an application firewall layer (that prevents them from being disabled, and prevents abuse of Mail and IE Browser programs, especially the MS ones that have GOD rights into your Windows OS !!). Firewalls dont provide AV nor Spyware blocking either, and this is the MOST COMMON machine compromise.

You also must run Windows Update periodically, as well as run a Spyware Scanner like "Spybot Search & Destroy" which is free from www.safer-networking.org.

I bet that if you run Spybot on your machines now, you'll be surprised what your router / software firewall has let be installed by your IE browser !