- What is the Internode Network Firewall?
- Why does Internode offer this feature?
- More about the Network Firewall
- I'm not sure if this will affect me...
- I have a Home or Easy plan
- I have a SOHO or Business plan
- I have a plan with a Static IP address
- I VPN into my company/work network
- Servers, Remote Access and Web
- Sending and Receiving email
- File Sharing
- I use "some other program" - any problem likely?
- Will the firewall affect anything on my own local network?
- Will the firewall affect my TiVo?
- Further general questions
- Can you make other firewall options available?
- Can I just have the port filtering but not the mail blocking or vice versa?
- What specific ports are you filtering?
- I don't want you to firewall anything, can I turn it off?
- When I login to My Internode, I don't see the option to change my network firewall settings, where is it?
What is the Internode Network Firewall?
The Internode Network Firewall is a complementary security feature which blocks some common Internet 'ports' that are typically used to transmit spam, viruses, or other malicious attacks against customer computers, routers, and modems.
This feature is available to ADSL/ADSL2+, NodeMobile Data, Wireless DSL, Fibre to the Home, and Dialup customers.
Why does Internode offer this feature?
The network firewall feature is offered in the interests of assisting customers in maintaining the security of their computers, equipment and network.
The network firewall is designed to help curb the potential of our network and customers contributing to, or being on the receiving end of, malicious activities on the Internet.
More about the Network Firewall
- The Network Firewall is provided as an additional and optional security measure. It is not a substitute for operating and maintaining your own virus, malware, and firewall protection.
- The firewall is on by default for Home and Easy plans.
- The firewall is off by default for Power and Business Packs and SOHO and Business plans.
- Customers can enable or disable the firewall online at any time, through My Internode.
Below you can find details of exactly what the firewall blocks—please note, this information may be of a somewhat technical nature.
If you do not understand what is described below, Internode highly recommends leaving the Network Firewall enabled.
Blocking common remote-access modem/router admin, server, and web ports
Some broadband modems/routers have the potential to be compromised through a combination of weak administrator passwords and allowing administrator access from the Internet, or because the firmware (operating system) on the modem or router has not been kept up-to-date and is vulnerable to attack.
The Network Firewall helps to prevent your equipment from being compromised, by blocking the ability for people to connect to it from the Internet on common administrative (remote access) network ports. This does not affect connections to the Internet at all: it simply helps to stop unwanted or unauthorised connections from the Internet to your equipment.
Blocking Windows NETBIOS/SMB/CIFS ports
Access to some common (but rarely used) Microsoft Windows file sharing service ports (often used by computer 'worms' and viruses to attack Windows PCs attached to the Internet) are blocked.
Note: This does not block you from using file sharing on your home computer network, nor from using popular Internet file sharing applications.
Outbound email via Internode mail servers only
Outbound email (email that you send out to other people using the email SMTP protocol) needs to be sent via the normal Internode mail servers (mail.internode.on.net or securemail.internode.on.net).
The network firewall prevents the use of other email servers to send email, except for web based email services. Note this does not affect incoming email (email that you receive from other servers, places, and people).
In what specific cases would I want to turn the firewall off?
Generally, most customers should be able to leave the firewall turned on at all times, and we encourage customers to take advantage of this protection and leave the firewall enabled. However with the expanded set of port blocks which are now in effect, some customers who currently have the Firewall enabled may need to turn it off.
Note: if you don't understand any of what follows, you should leave the Network Firewall turned on.
Examples of when you may need to turn the firewall off include:
- when running a server (which requires people on the Internet to access it) on the service in question, specifically:
- an HTTP or HTTPS web server on ports 80 and/or 443
- an SMTP email server on port 25
- a TELNET or SSH shell server on ports 22 and/or 23
- for remote (from the Internet) web or shell access to a broadband modem or router on this service
- for remote (from the Internet) proxy server access on ports 3128 and/or 8080 on this service
I'm not sure if this will affect me...
I have a Home or Easy plan
The network firewall is enabled by default for customers on Home/Easy plans.
For existing customers: If you've previously disabled the port filter, your existing setting will be maintained.
I have a SOHO, Power Pack or Business plan
The network filter is turned on by default for Home/Easy plans only.
If you are using any Static IP type plan or service from Internode (SOHO, Power Pack, Business, Corporate, etc.), the Network Firewall is disabled by default.
You can however choose to enable the Network Firewall functionality via My Internode, if you so wish.
I have a plan with a Static IP address
If you are using any Static IP type plan or service from Internode (SOHO, Power Pack, Business, Corporate, etc.), the firewall is disabled by default.
I VPN into my company/work network
The Network Firewall should not prevent you from connecting to a VPN, and as long as your traffic passes over the VPN connection, the firewall will not affect you.
This means, for instance, that if you VPN into your company network and send email via the company email server, it will continue to work fine without any need to disable the Internode Network Firewall for your service.
Servers, Remote Access and Web
I want to be able to connect to websites
The Network Firewall does not affect your ability to connect to websites or web proxy servers from your Internode service.
I run a web and/or email server on my service
If you run your own web (HTTP/HTTPS) or email (SMTP) server on your Home or Easy service, you should disable the firewall.
Remote management and access to my server or broadband router
If you run a personal server or broadband router on your Home or Easy service that you need to access from the Internet (remotely) via Telnet, SSH, HTTP, or HTTPS, then you should disable the Network Firewall.
I use Microsoft Windows Remote Desktop or VNC
Windows Remote Desktop and VNC ports are not filtered and are not affected by the firewall.
Sending and Receiving email
I use Gmail, Hotmail or Yahoo mail via my web browser
The firewall does not affect your ability to use web-page based email access (often referred to as webmail).
If I receive email from another server (POP3 or IMAP)
The firewall does not affect incoming POP3 or IMAP email.
The firewall only affects outgoing (SMTP) email (email that you send out), and it only impacts that if you decide not to use the Internode mail server for sending email (SMTP).
Sending email via any form of webmail system on the Internet is not affected by the Network Firewall.
I use an email address from another provider and I send and receive email using their mail servers from my email program
If the firewall is enabled, you will be unable to send email directly via another provider's email servers.
In this case, you have two options:
- Turn off the Network Firewall.
- Configure your outgoing mail (SMTP) server setting to send via Internode's email server (mail.internode.on.net)
Note that if you use a webmail system (e.g. Internode webmail, your company's remote access webmail, Gmail or Hotmail) to access email, this is completely unaffected by the firewall. You don't not need to disable the firewall to use web based email services. There is absolutely no impact on connecting to services on the Internet using HTTP or HTTPS (ports 80 and 443).
I run an Email server on my Home or Easy service
If you run your own SMTP email server, you have two options:
You can do one of two things:
- Turn off the firewall—if you need to send email direct to remote Internet hosts via SMTP, instead of using the Internode mail server as your outbound relay, or
- Configure Internode's email server (mail.internode.on.net) as the outgoing 'smarthost'—this will configure your mail server to send all email out via Internode's mail servers.
I run an Email SMTP server on my Laptop/Notebook computer to send email.
First, make sure you really are running an SMTP email server on your laptop.
If you are just using your laptop to send SMTP email to the Internode mail servers from your chosen laptop mail client, you have absolutely no problem to solve.
If you definitely run an SMTP server on your laptop, you can do one of two things:
- Turn off the Network Firewall on your Internode connection, or
- Configure your outgoing email client to use authentication and SSL (Secure Email Settings), this will allow you to send email from any connection, anywhere, regardless of whether you're connected to the Internode network or not. We highly recommend this option.
File Sharing
I use Internet file sharing or peer-to-peer (P2P) file sharing applications
The Network Firewall does not impact or block these types of applications.
I send email out with a FROM address set to something other than my Internode address
As long as the email is sent via the Internode email servers (mail.internode.on.net or securemail.internode.on.net) you won't be affected.
I use "some other program"—any problem likely?
Does the program you use:
- Require users from the Internet to connect to a system on your Internode service on ports 80, 443, 22, 23, 8080 or 3128, or
- Send email out using the SMTP protocol on port 25, directly to other email servers (not via Internode's email servers), or
- Use the Windows NETBIOS, SMB or CIFS protocols across the Internet?
If it doesn't do any of the above, then it's extremely unlikely that the Internode Network Firewall will affect your program. If it does, then you can just disable the firewall through My Internode.
Will the firewall affect anything on my own local network?
No, the Internode Network Firewall will not affect anything on your local network. The firewall only applies to traffic sent and received to and from the Internet.
Will the firewall affect my TiVo?
No, it won't affect your TiVo.
Whilst the TiVo documentation may note that you need to have ports 80, 443, and 8080 open (amongst others) for it to successfully communicate with your computer and the TiVo service on the Internet, the Internode Network Firewall will not block these connections.
Here's why:
- Connections to/from your TiVo and your computer (TiVo Desktop software and Home Network Package)—as in the above question, the firewall only applies to traffic sent and received to and from the Internet. It won't affect your local home network traffic at all.
- Connections to the TiVo service on the Internet—the Network Firewall only blocks ports 80, 443 and 8080 inbound from the Internet to your home network. The TiVo only needs to be able to connect outbound to these specific ports.
If you're having trouble with your TiVo connecting to the TiVo service or to your home computer, refer to the TiVo support site for further assistance.
Further general questions
Can you make other firewall options available?
Not at this time.
We may revise the options available in the future, but for the time being and for simplicity, the only options are "On" or "Off".
It's important to appreciate that this is only a basic network 'firewall', not an advanced firewall.
It is simply a filtering process to reduce the incidence of some very common forms of network 'attack'. The outbound email (SMTP) filtering is intended to reduce the impact that virus-compromised computers sending spam are able to have on other Internet users (and on you, due to load on your computer and your Internet connection).
The Network Firewall is designed to have zero impact for the majority of Internode customers (other than helping to increase security and stamp out some computer viruses and email spam).
Can I just have the port filtering but not the mail blocking or vice versa?
Not at this time, see above.
In the event you have specific requirements that mean that any of these things do impact you, simply turn the Network Firewall off.
What specific ports are you filtering?
Outbound
Outbound means: Connections or requests that you or your computers make to the Internet from your Internode service.
- Port 25 (SMTP) to anywhere except mail.internode.on.net
Note: Email sent via securemail.internode.on.net is completely unaffected.
Windows File Sharing
- Port 135 - RPC
- Port 137 - NetBIOS
- Port 138 - NetBIOS
- Port 139 - NetBIOS
- Port 445 - SMB/CIFS
Inbound
Inbound means: Connections or requests originating from the Internet into your home or business network via your Internode service.
Windows File Sharing
- Port 135 - RPC
- Port 137 - NetBIOS
- Port 138 - NetBIOS
- Port 139 - NetBIOS
- Port 445 - SMB/CIFS
Servers and Web
- Port 22 - Secure Shell (SSH)
- Port 23 - Telnet
- Port 80 - Web pages (HTTP)
- Port 443 - Secure web pages (HTTPS)
- Port 3128 - Web proxy server
- Port 8080 - Web proxy server
Anything else filtered?
No.
Internode may occasionally revise what is covered by the Network Firewall, should other ports become a specific and common attack vector for widespread, malicious worm/virus software.
Any permanent updates to the firewall will be noted on this page and also in the Network Firewall settings in My Internode.
Any temporary additions to the firewall (necessary to deal with a specific virulent new network 'worm' or similar) will be notified in an advisory.
I don't want you to firewall anything, can I turn it off?
Yes, login to My Internode, then select the "Network Firewall Settings" menu item, and then turn it off.
Please note: It may take up to one hour for changes to the firewall settings to take effect. If you don't think the firewall settings have taken effect after an hour, please reset your ADSL router/connection once, and this should pick up the updated configuration for your service.
When I login to My Internode, I don't see the option to change my network firewall settings, where is it?
If you don't see the "Network Firewall settings" option in the "My Services" column, then the Network Firewall is not applicable or available to your service at this time (this also means that your service is not affected at all by the Network Firewall).
Note: You can configure your decision to enable or disable the firewall separately for different broadband accounts, and for any dialup accounts that you use. The setting is not global for all of your separate accounts and service types (even if you use the same username).
When you login to My Internode, choose the appropriate service type (e.g. 'Broadband', 'NodeMobile', 'Dialup') to view the settings for that service.
