The Internode Network Firewall is a complementary security feature which blocks some common Internet 'ports' that are typically used to transmit spam, viruses, or other malicious attacks against customer computers, routers, and modems.
This feature is available to ADSL/ADSL2+, NodeMobile Data, Wireless DSL, Fibre to the Home, and Dialup customers.
The network firewall feature is offered in the interests of assisting customers in maintaining the security of their computers, equipment and network.
The network firewall is designed to help curb the potential of our network and customers contributing to, or being on the receiving end of, malicious activities on the Internet.
Below you can find details of exactly what the firewall blocks - please note, this information may be of a somewhat technical nature.
If you do not understand what is described below, Internode highly recommends leaving the Network Firewall enabled.
Some broadband modems/routers have the potential to be compromised through a combination of weak administrator passwords and allowing administrator access from the Internet, or because the firmware (operating system) on the modem or router has not been kept up-to-date and is vulnerable to attack.
The Network Firewall helps to prevent your equipment from being compromised, by blocking the ability for people to connect to it from the Internet on common administrative (remote access) network ports. This does not affect connections to the Internet at all: it simply helps to stop unwanted or unauthorised connections from the Internet to your equipment.
Access to some common (but rarely used) Microsoft Windows file sharing service ports (often used by computer 'worms' and viruses to attack Windows PCs attached to the Internet) are blocked.
Note: This does not block you from using file sharing on your home computer network, nor from using popular Internet file sharing applications.
Outbound email (email that you send out to other people using the email SMTP protocol) needs to be sent via the normal Internode mail servers (mail.internode.on.net or securemail.internode.on.net).
The network firewall prevents the use of other email servers to send email, except for web based email services. Note this does not affect incoming email (email that you receive from other servers, places, and people).
Generally, most customers should be able to leave the firewall turned on at all times, and we encourage customers to take advantage of this protection and leave the firewall enabled. However with the expanded set of port blocks which are now in effect, some customers who currently have the Firewall enabled may need to turn it off.
Note: if you don't understand any of what follows, you should leave the Network Firewall turned on.
Examples of when you may need to turn the firewall off include:
The network firewall is enabled by default for customers on Home/Easy plans.
For existing customers: If you've previously disabled the port filter, your existing setting will be maintained.
The network filter is turned on by default for Home/Easy plans only.
If you are using any Static IP type plan or service from Internode (SOHO, Power Pack, Business, Corporate, etc.), the Network Firewall is disabled by default.
You can however choose to enable the Network Firewall functionality via My Internode, if you so wish.
If you are using any Static IP type plan or service from Internode (SOHO, Power Pack, Business, Corporate, etc.), the firewall is disabled by default.
The Network Firewall should not prevent you from connecting to a VPN, and as long as your traffic passes over the VPN connection, the firewall will not affect you.
This means, for instance, that if you VPN into your company network and send email via the company email server, it will continue to work fine without any need to disable the Internode Network Firewall for your service.
The Network Firewall does not affect your ability to connect to websites or web proxy servers from your Internode service.
If you run your own web (HTTP/HTTPS) or email (SMTP) server on your Home or Easy service, you should disable the firewall.
If you run a personal server or broadband router on your Home or Easy service that you need to access from the Internet (remotely) via Telnet, SSH, HTTP, or HTTPS, then you should disable the Network Firewall.
Windows Remote Desktop and VNC ports are not filtered and are not affected by the firewall.
The firewall does not affect your ability to use web-page based email access (often referred to as webmail).
The firewall does not affect incoming POP3 or IMAP email.
The firewall only affects outgoing (SMTP) email (email that you send out), and it only impacts that if you decide not to use the Internode mail server for sending email (SMTP).
Sending email via any form of webmail system on the Internet is not affected by the Network Firewall.
If the firewall is enabled, you will be unable to send email directly via another provider's email servers.
In this case, you have two options:
Note that if you use a webmail system (e.g. Internode webmail, your company's remote access webmail, Gmail or Hotmail) to access email, this is completely unaffected by the firewall. You don't not need to disable the firewall to use web based email services. There is absolutely no impact on connecting to services on the Internet using HTTP or HTTPS (ports 80 and 443).
If you run your own SMTP email server, you have two options:
You can do one of two things:
First, make sure you really are running an SMTP email server on your laptop.
If you are just using your laptop to send SMTP email to the Internode mail servers from your chosen laptop mail client, you have absolutely no problem to solve.
If you definitely run an SMTP server on your laptop, you can do one of two things:
The Network Firewall does not impact or block these types of applications.
As long as the email is sent via the Internode email servers (mail.internode.on.net or securemail.internode.on.net) you won't be affected.
Does the program you use:
If it doesn't do any of the above, then it's extremely unlikely that the Internode Network Firewall will affect your program. If it does, then you can just disable the firewall through My Internode.
No, the Internode Network Firewall will not affect anything on your local network. The firewall only applies to traffic sent and received to and from the Internet.
No, it won't affect your TiVo.
Whilst the TiVo documentation may note that you need to have ports 80, 443, and 8080 open (amongst others) for it to successfully communicate with your computer and the TiVo service on the Internet, the Internode Network Firewall will not block these connections.
If you're having trouble with your TiVo connecting to the TiVo service or to your home computer, refer to the TiVo support site for further assistance.
Not at this time.
We may revise the options available in the future, but for the time being and for simplicity, the only options are "On" or "Off".
It's important to appreciate that this is only a basic network 'firewall', not an advanced firewall.
It is simply a filtering process to reduce the incidence of some very common forms of network 'attack'. The outbound email (SMTP) filtering is intended to reduce the impact that virus-compromised computers sending spam are able to have on other Internet users (and on you, due to load on your computer and your Internet connection).
The Network Firewall is designed to have zero impact for the majority of Internode customers (other than helping to increase security and stamp out some computer viruses and email spam).
Not at this time, see above.
In the event you have specific requirements that mean that any of these things do impact you, simply turn the Network Firewall off.
Outbound means: Connections or requests that you or your computers make to the Internet from your Internode service.
- Port 25 (SMTP) to anywhere except mail.internode.on.net
Note: Email sent via securemail.internode.on.net is completely unaffected.
- Port 135 - RPC
- Port 137 - NetBIOS
- Port 138 - NetBIOS
- Port 139 - NetBIOS
- Port 445 - SMB/CIFS
Inbound means: Connections or requests originating from the Internet into your home or business network via your Internode service.
- Port 135 - RPC
- Port 137 - NetBIOS
- Port 138 - NetBIOS
- Port 139 - NetBIOS
- Port 445 - SMB/CIFS
- Port 22 - Secure Shell (SSH)
- Port 23 - Telnet
- Port 80 - Web pages (HTTP)
- Port 443 - Secure web pages (HTTPS)
- Port 3128 - Web proxy server
- Port 8080 - Web proxy server
Internode may occasionally revise what is covered by the Network Firewall, should other ports become a specific and common attack vector for widespread, malicious worm/virus software.
Any permanent updates to the firewall will be noted on this page and also in the Network Firewall settings in My Internode.
Any temporary additions to the firewall (necessary to deal with a specific virulent new network 'worm' or similar) will be notified in an advisory.
Yes, login to My Internode, then select the "Network Firewall Settings" menu item, and then turn it off.
Please note: It may take up to one hour for changes to the firewall settings to take effect. If you don't think the firewall settings have taken effect after an hour, please reset your ADSL router/connection once, and this should pick up the updated configuration for your service.
If you don't see the "Network Firewall settings" option in the "My Services" column, then the Network Firewall is not applicable or available to your service at this time (this also means that your service is not affected at all by the Network Firewall).
Note: You can configure your decision to enable or disable the firewall separately for different broadband accounts, and for any dialup accounts that you use. The setting is not global for all of your separate accounts and service types (even if you use the same username).
When you login to My Internode, choose the appropriate service type (e.g. 'Broadband', 'NodeMobile', 'Dialup') to view the settings for that service.