General
The general presets include rules for application types rather than individual applications. The General presets can be used as rules for applications that don't have their own presets, or you can use them as a starting point for creating your own rules for an application. There are preset rules for the following types of applications:
E-mail Client
Browser
Download Manager
FTP Client
Telnet Client
Time Synchronizer
Send Mail By Default E-mail Client
Protocol: TCP
Direction: Outbound
Remote Port(s): SMTP (25)
Action: Allow It
What it's for
This rule is used whenever your e-mail client sends mail. It uses SMTP (Simple Mail Transfer Protocol) to send the mail to your e-mail provider's SMTP server, which in turn forwards your mail to its destination's POP server so that the recipient can then receive the mail.
To optimize
Add an Event for 'Remote Host' and specify the 'Remote Host' as your e-mail provider's SMTP server. This is usually smtp.your_provider.com so, for example, if NTLWorld is your e-mail provider you would use smtp.ntlworld.com. You can either e-mail your provider for their SMTP server details or send an e-mail and check either your Allowed log or the DNS Cache log, both of which should give you the IP number or host name of your provider's SMTP server.
Read Mail By Default E-mail Client
Protocol: TCP
Direction: Outbound
Remote Port(s): NNTP (119)
Action: Allow It
What it's for
This rule is used by your e-mail client whenever you read newsgroup postings. It uses NNTP (Network News Transfer Protocol).
To optimize
Add an Event for 'Remote Host' and specify the 'Remote Host' as the NNTP server that your news provider uses. As an example, to refine this rule for Steve Gibson's news servers you would use news.grc.com. If your mail client can't read news, or you don't read news, then delete (or turn off) this rule.
Receive Mail By Default E-mail Client
Protocol: TCP
Direction: Outbound
Remote Port(s): POP3 (110)
Action: Allow It
What it's for
This rule is used whenever your e-mail client receives mail. It uses POP3 (Version 3 of the Post Office Protocol) to collect mail from your e-mail provider's POP server.
To optimize
Add an Event for 'Remote Host' and specify the 'Remote Host' as your e-mail provider's POP server. This is usually pop or pop3.your_provider.com so, for example, if NTLWorld is your e-mail provider you would use pop.ntlworld.com. You can either e-mail your provider for their POP server details or collect an e-mail and check either your Allowed log or the DNS Cache log, both of which should give you the IP number or host name of your provider's POP server.
Default E-mail Client IMAP connection
Protocol: TCP
Direction: Outbound
Remote Port(s): IMAP (143)
Action: Allow It
What it's for
This rule is used by your e-mail client if it supports mail collection via IMAP (Internet Message Access Protocol). IMAP is...
... a method of accessing electronic mail or bulletin board messages that are kept on a (possibly shared) mail server. In other words, it permits a "client" e-mail program to access remote message stores as if they were local. For example, e-mail stored on an IMAP server can be manipulated from a desktop computer at home, a workstation at the office, and a notebook computer while travelling, without the need to transfer messages or files back and forth between these computers.
- The IMAP Connection
To optimize
Add an Event for 'Remote Host' and specify the 'Remote Host' as your IMAP server. If you don't use IMAP then delete (or turn off) this rule.
Browser HTTP rule
Protocol: TCP
Direction: Outbound
Remote Port(s): HTTP (80), 81-83
Action: Allow It
What it's for
This rule is used for browsing web pages. HTTP (Hyper Text Transfer Protocol) is the only port you really need for browsing the Internet; ports 81, 82 and 83 are auxiliary web browsing ports and are rarely used.
To optimize
Remove the remote ports: 81, 82, 83 unless you know that you need them.
Browser HTTPS connection
Protocol: TCP
Direction: Outbound
Remote Port(s): HTTPS (443)
Action: Allow It
What it's for
This rule is used for secure web page connections (Hyper Text Transfer Protocol over Secure Socket Layer (SSL)). HTTPS is used when you visit pages that need a password (such as Hotmail) or online shopping sites. You can tell whenever the page you're looking at is secure by looking for the little padlock symbol, which will be displayed somewhere in your browser. Unlike HTTP, HTTPS encrypts the data that is sent and received.
Of course, changing the Action from 'Allow It' to 'Deny It' will stop anyone using your browser from accessing secure sites. This would mean that if you didn't want anyone to be able to buy anything you could stop them quite easily without having to put every shopping site you can think of into the Content plugin's blocked sites list.
To optimize
The secure sites you visit are few and far between, so you might like to create rules for each site you visit. Just specify the site that you want as 'Remote Host', then duplicate the rule and change the 'Remote Host' for any additional site.
Browser SOCKS connection
Protocol: TCP
Direction: Outbound
Remote Port(s): SOCKS (1080)
Action: Allow It
What it's for
SOCKS is only needed by people using a SOCKS proxy server. Most people don't need this rule. SOCKS is a protocol that allows applications that normally can't use a proxy server to use a proxy server, which is pretty cool! SOCKS is mainly maintained by NEC and their program SocksCap is available for free.
To optimize
If you know that you don't use a SOCKS proxy server you can delete (or turn off) this rule.
Browser PROXY connection
Protocol: TCP
Direction: Outbound
Remote Port(s): 3128, 8080, 8088
Action: Allow It
What it's for
This rule is used by your browser when you have it set to connect to a proxy server. The rule is set to use the three most common ports proxies are usually set to. A proxy server allows more than one computer to connect to the Internet when there is only one Internet connection. So if you had two or more computers on a LAN (Local Area Network: two or more computers that are connected together to form a network; all participants on the LAN also need a cabled network card), the computer (client) that didn't have access to the Internet could still access the Internet by routing its connection through the computer (server) that did have Internet access. The client's connections would get sent to a proxy server on the server; the proxy server would then fetch the data requested by the client and pass the information back over the LAN to the client. AnalogX give away a free proxy server; it's the one I use at home to allow my brother's PC to connect to the Internet.
To optimize
For local proxies (like The Proxomitron) - specify the 'Remote Host' as localhost
For remote proxies (like your ISP's) - specify the 'Remote Host' as the IP of the remote proxy server (you can e-mail your ISP for their proxy server IP).
Remove PROXY ports that you don't use, so if you just use 8080, remove 8088 and 3128.
If you know that you don't use a proxy server you can delete (or turn off) this rule.
Browser FTP connection
Download Manager FTP connection
FTP connection
Protocol: TCP
Direction: Outbound
Remote Port(s): FTP (21)
Action: Allow It
What it's for
This rule is used for establishing FTP (File Transfer Protocol) connections to FTP servers to download a file (although file transfer can be done over HTTP using the browser's HTTP rule).
FTP uses two channels to achieve the transfer: the control connection (this rule), which is used to send the commands needed for the transfer, and a data channel (see FTP DATA), which is used to actually send the files. The control connection is established from the client (which would be you) when the client logs into an FTP server, whereas the data channel is usually established by the server to the client after the client connects to the server.
To optimize
Add an Event for 'Remote Host' and specify the 'Remote Host' as the FTP server you use.
Browser FTP DATA connection
Download Manager FTP DATA connection
FTP DATA connection
Protocol: TCP
Direction: Inbound
Remote Port(s): FTP DATA (20)
Action: Allow It
What it's for
This rule is used for the actual transfer of files from an FTP (File Transfer Protocol) server (although file transfer can be done over HTTP using the browser's HTTP rule).
FTP uses two channels to achieve the transfer: the control connection (see FTP), which is used to send the commands needed for the transfer, and a data channel (this rule), which is used to actually send the files. The control connection is established from the client (which would be you) when the client logs into an FTP server, whereas the data channel is usually established by the server to the client after the client connects to the server.
To optimize
Add an Event for 'Remote Host' and specify the 'Remote Host' as the FTP server you use.
Browser PASV FTP connection
There are two rules, one for Inbound and one for Outbound.
Protocol: TCP
Direction: Inbound
Local Port(s): 1024-65535
Action: Allow It
Protocol: TCP
Direction: Outbound
Remote Port(s): 1024-65535
Action: Allow It
What it's for
These rules are used for FTP transfers when using Passive FTP mode instead of Active FTP mode. An explanation of Passive and Active FTP is in order:
Active FTP
Your download manager uses the FTP and FTP DATA rules for Active FTP transfers. In Active FTP transfers the client (in this case your download manager) connects from a random unprivileged local port (those over port number 1023) to the server's FTP command port (21) to let the server know that it is waiting for a connection from the server. The client then starts listening on a port one number higher than the port it opened the connection on. So if your client connects to an FTP server from local port 1024 and establishes a connection with the server's FTP command port, the client would then start listening on port 1025 for incoming connections from the FTP server. Once the client starts listening, the server establishes a connection from its FTP DATA port (20) to the local port that the client is now listening on.
This doesn't cause problems if you don't have a firewall, but when you do it can cause all kinds of headaches. The reason it is such a problem for a firewalled system is that the client doesn't initiate the transfer. It just tells the FTP server what port it's listening on and lets the FTP server establish a connection from the server's FTP DATA port. Firewalls normally block connections like this, otherwise anyone could connect to the listening port.
In order to get round this problem, Passive FTP mode (PASV) was developed.
Passive FTP
Passive FTP makes the client responsible for initiating both connections. The client opens two random local unprivileged ports, with the second being one number higher than the first (so if the first port is 1055 the second is 1056). The client then contacts the server's FTP command port (21) from the first port it opened (in this example 1055).
Now here is the difference. Instead of asking the server to connect from its FTP DATA port to a random local port on the client, the client tells the server (by sending the PASV command) to open a random unprivileged port of its own (for this example 1026). The server then tells the client what port it's awaiting a connection on and the client connects from its second port (in this example 1056) to the server's now listening port 1026. Thus both connections are initiated by the client, and the client-side firewall doesn't block the connection because it was started by the client.
But wait a minute! Doesn't this cause all kinds of problems for the server-side firewall?
Yes it does, but servers have a way round this. Most FTP servers allow a server administrator to specify a range of local ports the FTP server is allowed to open and use.
Most download managers will have an option that allows you to use Passive FTP instead of Active FTP.
To optimize
Add an Event for 'Remote Host' and specify the 'Remote Host' as the FTP server you use.
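The Active and Passive FTP connections described above, checked against the FTP, FTP DATA and PASV FTP rules, as an added example that is not part of the original page or the firewall's own code. Assumptions: the `Rule` model with first-match 'Allow It' semantics is a simplification that ignores the per-application binding of real rules, the addresses 192.0.2.10 and 198.51.100.7 and port 4444 are constructed, and the `227` reply layout is the standard one from RFC 959 (the page does not show it).

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = (0, 65535)

@dataclass(frozen=True)
class Rule:  # simplified model of one 'Allow It' TCP rule (assumption)
    name: str
    direction: str                     # "in" or "out"
    remote_ports: Tuple[int, int]      # inclusive range
    local_ports: Tuple[int, int] = ANY
    remote_host: Optional[str] = None  # None = any host (preset as shipped)

    def matches(self, direction, host, remote_port, local_port):
        return (direction == self.direction
                and self.remote_ports[0] <= remote_port <= self.remote_ports[1]
                and self.local_ports[0] <= local_port <= self.local_ports[1]
                and self.remote_host in (None, host))

def presets(ftp_server=None):
    """The page's four FTP rules; ftp_server applies the 'Remote Host' step."""
    return [
        Rule("FTP", "out", (21, 21), ANY, ftp_server),
        Rule("FTP DATA", "in", (20, 20), ANY, ftp_server),
        Rule("PASV FTP in", "in", ANY, (1024, 65535), ftp_server),
        Rule("PASV FTP out", "out", (1024, 65535), ANY, ftp_server),
    ]

def first_match(rules, direction, host, remote_port, local_port):
    """Name of the first rule that allows the connection, or None."""
    for rule in rules:
        if rule.matches(direction, host, remote_port, local_port):
            return rule.name
    return None

def parse_pasv(reply):
    """(host, port) from an RFC 959 reply '227 ... (h1,h2,h3,h4,p1,p2)'."""
    m = re.match(r"227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m or any(int(v) > 255 for v in m.groups()):
        raise ValueError("not a valid 227 passive-mode reply")
    n = [int(v) for v in m.groups()]
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

if __name__ == "__main__":
    server = "192.0.2.10"  # constructed documentation address
    host, port = parse_pasv("227 Entering Passive Mode (192,0,2,10,4,2)")
    for rules in (presets(), presets(server)):
        print(first_match(rules, "out", server, 21, 1055),     # control
              first_match(rules, "out", host, port, 1056),     # passive data
              first_match(rules, "in", server, 20, 1056),      # active data
              first_match(rules, "in", "198.51.100.7", 4444, 1056))  # stranger
```

With the presets as shipped, the last connection (an unrelated host reaching a high local port) is allowed by the inbound PASV rule; once 'Remote Host' is set to the FTP server it matches no rule, while the three legitimate FTP connections still do.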
Download Manager
Protocol: TCP
Direction: Outbound
Remote Port(s): HTTP (80), 81-83, HTTPS (443), SOCKS (1080), 3128, 8080, 8088, 11523
Action: Allow It
What it's for
This rule is used by your download manager when downloading files via HTTP. HTTP (Hyper Text Transfer Protocol) is the only port you really need; ports 81, 82 and 83 are auxiliary web browsing ports and are rarely used. HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer (SSL)) is used when connecting to secure sites. SOCKS is only needed by people using a SOCKS proxy server. 3128, 8080, and 8088 are common ports that proxy servers use. If your download manager needs to use a proxy server for HTTP connections then it will probably be on one of these ports. 11523 is used by AOL's browser.
To optimize
Remove the remote ports: 81, 82, 83 unless you know that you need them. If you don't use a SOCKS proxy server remove SOCKS. If you don't use a remote or local proxy remove 3128, 8080 and 8088. Most people will not experience problems if they change the ports to just HTTP(80). If you don't use AOL's browser remove 11523.
Default Telnet connection
Protocol: TCP
Direction: Outbound
Remote Port(s): TELNET (23)
Action: Allow It
What it's for
The TELNET protocol is used by Telnet clients to log in remotely to another computer and execute commands on that computer. You're most likely to have to use a Telnet client to access your school's e-mail; I have never ever used a Telnet client but I've seen my brother use one to get his Uni e-mail. It seemed to be all text based and geeky as hell. They can also be used to play primitive text-based games called MUDs.
To optimize
Add an Event for 'Remote Host' and specify the 'Remote Host' as the host you're trying to TELNET to.
Default Secure Telnet connection
Protocol: TCP
Direction: Outbound
Remote Port(s): SSH (22)
Action: Allow It
What it's for
SSH (Secure Shell). As above but with encryption.
To optimize
Add an Event for 'Remote Host' and specify the 'Remote Host' as the host you're trying to TELNET to.
Time Synchronizer connection
There are four rules, covering TCP and UDP.
Protocol: UDP
Remote Port(s): NTP (123)
Action: Allow It
Protocol: UDP
Remote Port(s): Time (37)
Action: Allow It
Protocol: TCP
Remote Port(s): Time (37)
Action: Allow It
Protocol: TCP
Direction: Outbound
Remote Port(s): Daytime (13)
Action: Allow It
What it's for
These rules are used by your Time Synchronizer to adjust your system's clock to that of a remote time server. It is achieved through the use of three protocols: Daytime (Daytime Protocol), NTP (Network Time Protocol) and Time.
To optimize
Add an Event for 'Remote Host' and specify the 'Remote Host' for all four rules as the time server you use.