How to Set Up a Firewall (Noob Friendly)
What is a firewall
A firewall is a piece of software or hardware that controls the incoming and outgoing traffic of a computer connected to a network. This can be very useful if you’re sharing your internet connection, have multiple computers or want to access your computer from other locations. The idea is to limit who can connect to your computer and what ports they can use.
Why use a firewall
There are many reasons why people choose to use a firewall. While basic internet security practices such as not opening suspicious email or attachments, using good passwords and anti-virus software are very important in protecting your computer, they do not offer much protection against attacks from other computers on the network.
Also, if you have been careless enough to open a port on your router that is used for sharing files and printers over the network, those shares could be at risk from viruses on other machines. Another reason would be if you are in a small office where there may only be one internet connection for multiple users, or if you have given someone else access to your PC.
Why do I need one
Like we just mentioned, there are many reasons why you may want to set up a firewall. If you have multiple computers on your network and don’t know which computer the virus entered from, or if there is someone with access to your PC who doesn’t know much about security, then it would be best for you to run a firewall.
Also, setting up a firewall on your router is a good idea. It will allow you to set rules for certain computers that are connected to the network, meaning if you have children using the internet, you can block certain sites from their computer without having to stop them accessing it completely.
While all operating systems come with some form of built-in software firewall, it may not be enabled by default or you may feel more secure having a hardware solution. The firewall I will be showing you how to set up is called SUSE Linux and it’s probably the most popular distro used on servers.
How to set up a firewall on your home network
A firewall is a network device that controls the incoming and outgoing traffic. You can protect your home network by setting up rules on these devices.
The following will explain how to set up a basic firewall on your home router. This method works for both wired and wireless networks. However, I will only highlight some steps here so you can choose which one applies to your needs best.
You need two things:
1) password for your router (if not already set – it’s usually ‘admin’) and login for the web interface
2) an empty line in your router’s firewall configuration. If you already have rules, just add a new rule that will allow some kind of return traffic (e.g. ALLOW OUTBOUND)
1. Log in to the router web interface
Routers are usually at 192.168.*.* (not sure?), but for example I use http://192.168.1.1 as the address in my browser so I can access my router from anywhere on my network. Just replace this with yours to access your own router’s web interface menu. You may need to enter a username and password here, which are usually ‘admin’ and ‘password’.
2. Find out where your WAN/internet connection is.
In my example, the connection is labeled as ‘MODEM’ (or PPPoE). Click the link to jump to the page where you will see your status.
3. Find out what kind of traffic is allowed outbound and inbound on your internet connection.
At this point, you need to understand whether your connection goes directly to a modem or through another router first. If there is a firewall configured on the other router, then all you need to do is set up a rule for allowing incoming return traffic from any location; however, if it does not have a firewall initially set up, then skip that step and read only steps 4-6 below. This is usually different when using wireless: most routers today allow some form of incoming and/or outgoing traffic to be blocked, but not the other way around.
4. If you already have a firewall configured on your router: in this case, all traffic is blocked by default. You need to open up some ports in order to allow certain traffic from outside (WAN) to pass through into your home network – as a result any device within your LAN will then be able to access those services which are allowed through the rules.
5. Enable incoming connections on WAN/Internet interface: In this example I actually have two active connections, so make sure that one of them allows incoming connections too (one with “Enable WAN access” ticked). Double click it and in the next screen select “Enabled” from the drop-down menu. You may need to reboot for it to take effect.
6. Add rules allowing all incoming traffic on selected source IP and port:
If you already have a firewall configured, then this step is usually required in order to allow return traffic (inbound) on any allowed service/port defined previously.
If your router does not have a preconfigured firewall, or if you are unsure, then just go ahead and add ALLOW INBOUND as a new rule – otherwise you will be able to access the web interface only from devices within your LAN, but not from outside through the Internet – which kind of defeats the point of having an internet connection. Otherwise, just follow the instructions below:
In my example I’m using a single PC to access the web interface, but I need to make sure that my firewall will allow all traffic from any location. All rules are selected and added by clicking the ‘+’ sign on each row.
7. Add rule allowing return/inbound traffic:
Depending on your router model, you may or may not have this option available. If you do, then simply click on “ALLOW INBOUND”; if you don’t have this option, simply go to the next step directly.
For my example there is no “ALLOW INBOUND” … so what I did here was add ALLOW OUTBOUND instead. It might look a bit confusing, but it does make sense because this is what we are after. This rule will allow us to get back in and continue configuring the firewall as we need.
8. Save settings: click the ‘Apply’ button and your router will restart itself, so wait until everything is up and running again (green LED) before continuing on.
9. Log into your router using the IP address you defined at step 1 with username set to ‘admin’ and no password.
Once you have access to the web interface, go ahead and look in the Firewall menu; there we need to allow NAT Punchthrough. Select “Virtual Servers” in the left-hand menu, then click the “add new” button to create a rule entry. We are telling the router that any traffic directed toward UDP ports 50-500 inclusive (inclusive means from port 1-50 as well) should be forwarded through the WAN interface to any device within the LAN that needs access to those servers. This rule will cover many protocols so it’s pretty much universal.
If your router does have this option (see point 7), then it should look like this:
10. Save settings (apply button) and test if everything is working as expected!
I have only tested for a few minutes, but it seems to be doing the job just fine.
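To see what a forward like the UDP 50-500 virtual server rule above actually opens to the WAN, here is a small audit script, added as an example and not part of the original guide or any router's own software. The rule text format, the function names, the breadth threshold and the short service table are assumptions made for illustration.

```python
from dataclasses import dataclass

# Well-known service ports (IANA assignments); a small selection, not exhaustive.
WELL_KNOWN = {
    ("udp", 53): "DNS", ("udp", 67): "DHCP server", ("udp", 68): "DHCP client",
    ("udp", 69): "TFTP", ("udp", 123): "NTP", ("udp", 137): "NetBIOS name service",
    ("udp", 138): "NetBIOS datagram", ("udp", 161): "SNMP", ("udp", 500): "IKE (IPsec)",
    ("tcp", 22): "SSH", ("tcp", 80): "HTTP", ("tcp", 443): "HTTPS",
}

@dataclass
class Forward:
    proto: str   # "udp" or "tcp"
    first: int   # first forwarded port
    last: int    # last forwarded port (inclusive)
    target: str  # LAN host address, or "any"

def parse_rule(line):
    """Parse a 'proto first-last -> target' line (hypothetical format)."""
    left, target = (part.strip() for part in line.split("->"))
    proto, ports = left.split()
    first, _, last = ports.partition("-")
    first, last = int(first), int(last or first)  # single port: last == first
    if not (1 <= first <= last <= 65535):
        raise ValueError(f"bad port range in rule: {line!r}")
    return Forward(proto.lower(), first, last, target)

def audit(rule):
    """Return findings: known services inside the range, plus breadth warnings."""
    findings = [f"{name} ({rule.proto}/{port}) reachable from WAN"
                for (proto, port), name in sorted(WELL_KNOWN.items())
                if proto == rule.proto and rule.first <= port <= rule.last]
    width = rule.last - rule.first + 1
    if width > 10:  # assumed threshold for "too broad"
        findings.append(f"range covers {width} ports; forward only the ports in use")
    if rule.target == "any":
        findings.append("target is any LAN device; pin the forward to one host")
    return findings

# Constructed sample: the virtual server rule from the guide, and a narrow one.
SAMPLE_RULES = ["UDP 50-500 -> any", "udp 51820 -> 192.168.1.20"]

if __name__ == "__main__":
    for text in SAMPLE_RULES:
        print(text)
        for finding in audit(parse_rule(text)):
            print("  -", finding)
```

The narrow single-port rule pinned to one host produces no findings, while the 50-500 range reports every listed UDP service inside it.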
Summary on How to Set Up a Firewall on Your Home Network
1. Set up your router and allow incoming connections on WAN/Internet interface
2. Add rules allowing all traffic on selected source IP and port
3. Save settings (apply button)
4. Log into your router using the IP address you defined at step 1 with username set to ‘admin’ and no password
5. Under Firewall menu go ahead select “Virtual Servers”
6. Add new rule entry
7. We are telling router that for any traffic directed toward UDP ports 50-500 inclusive, forward it through WAN interface to any device within LAN that needs access to those servers
8. Save settings (apply button)
9. Test if everything is working as expected!