
Firewall Settings for ADSL

N/A


Newbie, so sorry if this is the wrong place to ask.

I've just got an ADSL connection (wow, it's fast).

I'm using a standalone computer to develop applications with SQL Server Developer Edition, but if I try using SQL whilst I'm online my Firewall (Norton Internet Security) kills the SQL. I did have TCP/IP setup as:

IP: 192.168.0.1 Subnet: 255.255.0.0

With that IP address set as Trusted under Internet Zone Control, before I got ADSL.

Should I replace that with the Static IP & Subnet given to me by plus.net?

Is it safe to set that address as Trusted in my Firewall, or will doing that let anybody connect to my stuff?

Is that address my machine or my door to the universe?

Thanks
11 REPLIES
N/A


You don't tell us how you connect to the net, i.e. router, USB modem, etc.
It makes a difference, as if it's a router there should be no difference. If you have a modem then you have, in effect, two connections: your 192 connection and your internet connection.

If you enabled your SQL port on the internet IP it would be open to the world (have you patched SQL?).

You should be able to keep the SQL port open on your normal IP but block it on the net.
N/A


Thanks

I'm using a basic USB Modem, supplied with the Plus.Net starter pack. My instance of SQL Developer is patched up to service pack 3, but I still don't want it to be visible to the world.

I have discovered though that changing to named pipes in ODBC setup seems to get round the original problem, so I think I'll leave the firewall locked down.

Thanks for your help.
N/A


IP: 192.168.0.1 Subnet: 255.255.0.0
This IP address is a class C, so the subnet mask should be 255.255.255.0.
Don't know if this will solve your problem though.
N/A


While in terms of the rules, 192. is class C. However, this is just the way it should be split up on larger networks, providing 254 (or 255, I hate binary math) 254 host subnets.

However, math doesn't prevent you using 255.255.0.0.

I had this working very successfully for a year, before I switched to assigned DHCP, and chose a more suitable subnet.
Mark_Dowd
Grafter
Posts: 102
Registered: 08-08-2007


The only problem with using the wrong subnet mask is if you are trying to talk to a host on an "adjacent" subnet. The mask is used to compare the "network" portion of the local IP address to the "network" portion of the target IP address. If they are the same then the packet is dropped onto the local network, otherwise it is directed to the "Gateway", as configured in your TCP/IP settings. For example:

PC Configuration
IP Address: 192.168.0.2 (255.255.255.0)
Gateway: 192.168.0.1

Wireless Router Configuration
Local IP Address: 192.168.0.1 (255.255.255.0)
Upstream IP Address: 192.168.7.2 (255.255.255.0)
Upstream Gateway: 192.168.7.1

ADSL Router Configuration
Local IP Address: 192.168.7.1 (255.255.255.0)
...

As you can see, each box must know where to send packets not on the local network segment.

Now...
If the PC had its IP subnet mask set to 255.255.0.0, it could happily reach stuff "out there" on the net, but never directly reach any equipment on the 192.168.7 network. This is because it would assume that they were "local", the network portion of both addresses being 192.168, whereas the correct configuration identifies that 192.168.7 is different from 192.168.0.

Whew! I hope that makes sense. I got this from a "high priest" of IP some years ago.
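
The local-versus-gateway decision described in the post above, as an added example that is not part of the original thread. It ANDs each address with the mask, using the PC and router addresses from the post; 203.0.113.10 is a constructed stand-in for an internet host, and the function names are illustrative.

```python
import ipaddress

def network_part(ip: str, mask: str) -> str:
    """AND the address with the mask to get its "network" portion."""
    masked = int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(masked))

def next_hop(local_ip: str, mask: str, gateway: str, dest_ip: str) -> str:
    """Same network portion: deliver on the local segment.
    Different network portion: hand the packet to the gateway."""
    if network_part(local_ip, mask) == network_part(dest_ip, mask):
        return "local"
    return gateway

# PC settings and router addresses taken from the post.
PC_IP, PC_GATEWAY = "192.168.0.2", "192.168.0.1"
DESTINATIONS = {
    "wireless router": "192.168.0.1",
    "ADSL router": "192.168.7.1",
    "internet host (constructed)": "203.0.113.10",
}

def routing_table(mask: str) -> dict:
    """Where the PC sends traffic for each destination under the given mask."""
    return {name: next_hop(PC_IP, mask, PC_GATEWAY, ip)
            for name, ip in DESTINATIONS.items()}

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.0.0"):
        print(f"PC mask {mask}")
        for name, hop in routing_table(mask).items():
            print(f"  {name:28} -> {hop}")
```

With 255.255.0.0 the ADSL router at 192.168.7.1 is treated as local and never sent via the gateway, while the internet host is routed through 192.168.0.1 under both masks.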
N/A


Makes perfect sense.

As you noted, the mask is used to compare where this system is, in relation to the destination node.

Most home networks are single subnet, and using the 192 Class C subnet with a 255.255.0.0 is not going to hurt the setup.
N/A


Yep, that's fine until you try to add another subnet, which, yes, you might well not ever do, and spend ages trying to get it to work.
Surely it's a lot simpler to do it right? ;)
N/A


It's a lot simpler with a dedicated DHCP server, but that is another story.
N/A


Yeah, but even then it's a good idea to set the DHCP server up with an appropriate subnet.

For instance 255.255.255.240 restricts your local network size to 16 IP numbers with two of them lost (the bottom one is the network address and the top one the broadcast address and cannot be used for client devices). Therefore you can have up to 14 devices on your local network.

You can get even more restrictive than this if you want. The Subnet 255.255.255.252 allows you to have only two devices on your local network. This can be a good way of stopping outsiders on the street connecting their laptops to your wireless network as the DHCP server won't give them a valid IP number. 255.255.255.248 allows a maximum of 6 client devices, you can then restrict the scope within DHCP to the number of devices you actually have on your LAN. If you can make these leases permanent then you are back in a fairly secure wireless environment.

Tim
N/A


Good point.

DHCP provides a single point from which you can make changes, should you wish to increase that size.

However I must point out, if you have outsiders connecting to your WLAN, then you should be looking at more than using subnetting for security.

Subnetting isn't a security measure, and shouldn't be considered as such. You shouldn't even decrease the size of your subnet, unless you plan on expanding your network using LAN routers.
Mark_Dowd
Grafter
Posts: 102
Registered: 08-08-2007


My NetGear FM114P includes an option to only accept connections from known MAC addresses. Even this could be a problem if the connection request was "sniffed" and then "spoofed". Then you need to specify WEP, with known, manually configured, keys. It depends what you are trying to protect against.

On another topic, if you accept DHCP from PlusNet, you get a subnet mask of 255.255.255.255, with a "next hop" of your own IP address. I think that this translates to "just route all requests through here". It works fine when a PC is directly attached, receiving valid DNS addresses as well, but the Firewall component of the FM114P treats all responses to "local" requests (HTTP, POP3 etc.) as externally originated conversations, and blocks them!

I'm working on getting this sorted out.