Iptv users: do you firewall?

[H2Obuffalo]

Hello-

I just got broadband installed upcountry using IPTV (satellite) service from CS Internet, however the techies who installed it could not get it to work if I had a firewall (ZoneAlarm or McAfee) turned on (even though we added the relevant program to the "allow" list).  Have other IPTV users had this trouble and if so have you found a way around it?

I really don't want to use a broadband connection without a firewall, because in the past when I have used internet cable and ADSL, ZoneAlarm has caught people (well, probably bots) trying to hack in about once every minute.  I think without a firewall it's just a matter of time till one get's creamed.

One thing I discovered is that if ZoneAlarm is turned off while starting up the IPTV connection, it can then be turned on manually once the connection is open without causing any trouble.  So, that's not so bad.  It's ust a pain to remember and do each time.

Has anyone successfully configured their firewall to allow IPTV connection to start up without first shutting down their firewall?  Thanks for any experience you can share.

-H2Obuffalo

[djinn]

I don't use satellite but I use a better solution than zonealarm I used previously.

Name  Kerio,you find it free on the net for personal use

I have the info only in french. (www.telecharger.com) But the soft is in english.Allow you to define who will be allowed to enter your system at first use.After that its transparent for you

Hope this help

[MaiChai]

Zone Alarm is cr@p. I had a lot of problems with it when we were sharing an internet connection. I really hate these firewall products that try and do it automatically for you without telling you what they are doing. By implication, firewalls require some technical knowledge to use them. I use Tiny Personal Firewall (V2 which was free), which is what the winXP personal firewall is based on. Thats a point; why don't you use the winXP built in one? I haven't heard many complains about it. There are better (free) firewalls about; certainly much better than Zone Alarm.

[exchange1973]

Hi there,

why not use linux- or hardwarerouter. Ok, to set up a linux-firewall you need another machine :-( and there is some knowledge about ipfilter necessary.

For simple structured home- or smallofficenetworking I would prefer a hardwarerouter(became real cheap). For example:

SMC Barricade with integrated Hub, firewall, virtual server... You can manage this device by built in webserver. A very secure solution I think. You also can use the built in NAT (network adress translation), so you can provide an internetaccess for up to 250 machines. This router looks like a small modem (not that kind of 19''-ones you have to put in a serverrack)

Ok, you have to invest in additional hardware, but it is worth the amount.

GTX.

[wolf5370]

A couple of things.

Firstly, if your going to buy new hardware, buy a hardware firewall rather than a new PC to use as a software F/W!

Secondly, I use Norton Internet Security package, which includes firewall, virus checker, parental control etc etc. I use it via broadband with no problems (may need to be manually started if you put it on a server, but will autostart for a desktop/laptop. Server also will not install the virus checker, but you can install it separatly and it works fine - OK for Lap/Desktop).

Third, your original problem. Don't know about your set up, but if you added it to the accept list and it still fails, then it could be one of a few things. The best bet is that it is using a port that your firewall uis actively blocking. By port, I mean software port, not the modem socket. Most software will allow you to set the port to allow its use - you still want to monitor the port thoughm, so don't switch off that too. Ask you help desk for the port number they use (standard HTTP tarffic is through port 80 - your firewall should be allowing this!).

Have you tried uninstalling and reinstalling the firewall software since you connected to broadband? It may pickup the systems set up during install.

If you have a dedicated IP Address or are linking through as a network rather than a dial-up, then you may need to add their DNS machine to your accepted server list in the firewall settings. That is the machine that the ISP uses to give your machine a name on the network. Your firewall may be blocking this com and thus you are rejected access to the network.

Try sending an email to your firewall product helpdesk they may know settings that a specific to your product that may need to be set.

Good luck.

[exchange1973]

Note to Wolfs suggestion:

1. Agree 100% with Wolf: Invest some € or $ in a small hardwarerouter with integrated firewalling-functionality. It's cheaper than buy a new PC.

2. DNS:

It's not correct, that the DNS-Server of your provider gives your Computer/LAN a name!

A DNS resolves hostnames in IP-Adresses. So when you have a static/permanent IP-Adress, you can register a domain with MX and APTR. These parameters will be served by the DNS of provider.

(for completeness: DNS also support a "reverse lookup" -> resolves IP-Adresses in Hostnames (if a hostname for that adress is registered!)

But it is correct, that you should add the DNS-Server of your provider (primary and secondary) in your networksettings. Usually your machine gets that informations automatically, but this solutions sometimes not work very well, so you should better enter this setting.

When IP-Adress-resolution not works, webbrowsing will not work!

3. In general the firewall shouldn't block outgoing traffic, because for example when you enter a hostname in a webbrowser, the browser will process a dns-lookup to get the IP of that host.

The DNS of your provider is listening at UDP-Port 53, but your machine initiate the connection from a random portnumber. So the firewall should keep this connection in mind and not block the ingoing traffic.

Hope this info help a little!

GTX from Berlin