Hey, I set up my modem/router so it allows traffic for ports my apps use. I fill them out like start port 1000 end port 1000. But now I’ve used all the slots! How can I keep my router allowing traffic on ports I specify without compromising security? I own the Zyxel P-2602H-D1A.
Can’t say I know the Zyxel modem all that much. Have you tried the Zyxel support or forums?
Just out of curiosity. Why do you need to forward that many ports? Why not make a range of ports or edit the entries as you need them? If you only have a limited amount of entries, there’s really not much the Comodo firewall can do to increase that.
I’m just waiting for Comodo Search’nRescue Team to upgrade my Zyxel. Thank you.
If I remember correctly the settings of the Zyxel router, you can use ranges. Just make an entry like start port = 5000 and end port = 5010 if your programs need 10 ports.
They don’t. But what can happen if I set up a broader range than applications require? Does that create a security hole?
The incredible we can manage in no time - the impossible takes a little while. LOL
Unfortunately, on a Zyxel router you’re stuck with 11 definable NAT forwarding ports. This can’t be changed; it’s a hardware limitation of the router O/S and its implementation.
If you have apps that use related ports, you could define a range, but other than that, the only way to extend the range is to introduce a second router, port forward all ports on the first router to the second router (using one of the 11 slots on the first router) and then set up the additional forward ports on the second router.
I didn’t say it was a pretty solution, but it’s the only way I know to extend port forwarding. I speak from experience here - I’ve got a Zyxel 2606-HWL r61 router, great router, but there are a couple of limitations - none are showstoppers and they are very reliable.
Hope this helps,
There’s no way to group ports together instead of using one slot per port?
e.g. “TCP port 22,80,443”
Unfortunately not. Zyxel’s setup only allows ranges - start port to end port. I did say they had limitations.
But what can happen if I set up a broader range than applications require? Does that create a security hole?
You could run Comodo Personal Firewall on the media server and set up network monitor rules to filter traffic passed through the expanded forwarding ranges set up on the router. This would reduce the 11 slot limitation, but means you will have to be more thorough and precise with your network monitor rules.
Everything in life is a trade-off.
Not about MediaServer. What can happen if I set up a broader range than applications require? Does that create a security hole?
Would that make a security hole? Yes, but there is no such thing as the perfectly secured computer, other than one that is not switched on and no human will ever touch. LOL
Having ports open is an entry point to having your PC compromised, but does not mean you will automatically be. Providing your system is fully patched (or as fully patched as a Windows system can be ;)), the potential for damage to your system is greatly minimized. Yes, a baddie could see your system through an unnecessarily opened port, but if the system he/she can see does not have any vulnerabilities, and the network monitor rules in CPF are set up correctly, he can’t get in.
Hope this helps,
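An added example, not written by anyone in the thread: given the ports applications actually need and the 11-slot, range-only limit described above, this chooses the ranges that expose the fewest unneeded ports and lists those ports so host firewall rules can block them. The port list is constructed sample data, `plan_forwards` is a hypothetical helper name, and the TCP/UDP distinction is ignored.

```python
# Constructed sample: ports the applications really listen on (12 separate groups).
SAMPLE_PORTS = [22, 80, 443, 1935, 3074, 3478, 3479, 3480,
                5000, 5001, 5002, 5003, 5060, 5061, 5222,
                6881, 6882, 8080, 8081, 27015, 27016]


def plan_forwards(needed_ports, max_slots=11):
    """Return (ranges, extra): at most max_slots (start, end) forwarding
    ranges covering every needed port, and the sorted list of unneeded
    ports those ranges also expose (candidates for host firewall blocks)."""
    if max_slots < 1:
        raise ValueError("need at least one forwarding slot")
    ports = sorted(set(needed_ports))
    if not ports:
        return [], []
    if ports[0] < 1 or ports[-1] > 65535:
        raise ValueError("port out of range 1-65535")

    # Gap after ports[i] = number of unneeded ports before ports[i + 1].
    gaps = [(ports[i + 1] - ports[i] - 1, i) for i in range(len(ports) - 1)]
    # Adjacent ports merge at no cost. Splitting at the (max_slots - 1)
    # largest gaps leaves only the smallest gaps inside a range, which
    # minimises the total number of extra ports exposed.
    positive = sorted((g for g in gaps if g[0] > 0), reverse=True)
    cut_after = {i for _, i in positive[:max_slots - 1]}

    ranges, start = [], ports[0]
    for i, port in enumerate(ports):
        last = i == len(ports) - 1
        if i in cut_after or last:
            ranges.append((start, port))
            if not last:
                start = ports[i + 1]

    needed = set(ports)
    extra = [p for s, e in ranges for p in range(s, e + 1) if p not in needed]
    return ranges, extra


if __name__ == "__main__":
    ranges, extra = plan_forwards(SAMPLE_PORTS)
    for start, end in ranges:
        print(f"forward start port {start} end port {end}")
    print(f"{len(extra)} unneeded ports exposed; block these on the host:")
    print(f"  {extra[0]}-{extra[-1]}" if extra else "  none")
```

Each port in `extra` reaches the forwarded host from the internet even though nothing should be listening on it, so those are the ports the host firewall rules need to drop.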