- What is the Internode Network Firewall?
- Why does Internode offer this feature?
- More about the Network Firewall
- I'm not sure if this will affect me…
- I have a Home or Residential plan
- I have a SOHO or Business plan
- I have a plan with a Static IP address
- I VPN into my company/work network
- Servers, Remote Access and Web
- Sending and Receiving email
- File Sharing
- I use "some other program"—any problem likely?
- Will the firewall affect anything on my own local network?
- Further general questions
- Can you make other firewall options available?
- Can I just have the port filtering but not the mail blocking or vice versa?
- What specific ports are you filtering?
- I don't want you to firewall anything—can I turn it off?
- When I login to My Internode, I don't see the option to change my network firewall settings, where is it?
What is the Internode Network Firewall?
The Internode Network Firewall (Port Blocking) is an included security feature which blocks some common Internet 'ports' that are used to transmit spam, viruses, or other malicious attacks against computers, routers, and modems.
This feature is available to Internode NBN, Fibre Estates, ADSL2+, NodeMobile Data, Wireless DSL, and Dialup customers.
Why does Internode offer this feature?
Internode offers the Network Firewall to help customers maintain the security of their computers, equipment, and network.
We designed the Network Firewall to curb the potential of our network and customers contributing to—and being on the receiving end of—malicious activities on the Internet.
More about the Network Firewall
- The Network Firewall is provided as an additional and optional security measure. It is not a substitute for operating and maintaining your own virus, malware, and firewall protection.
- The firewall is on by default for Home and Residential plans.
- The firewall is off by default for Power, Business and Static IP Packs and SOHO and Business plans.
- Customers can enable or disable the Network Firewall/Port Blocking online at any time, through My Internode.
Below you can find details of exactly what the firewall blocks. Please note: this information may be somewhat technical.
If you do not understand what is described below, Internode highly recommends leaving the Network Firewall enabled.
Blocking common remote-access modem/router admin, server, and web ports
Some broadband modems/routers have the potential to be compromised through a combination of weak administrator passwords and allowing administrator access from the Internet, or because the firmware (operating system) on the modem or router has not been kept up-to-date and is vulnerable to attack.
The Network Firewall helps to prevent your equipment from being compromised, by blocking the ability for people to connect to it from the Internet on common administrative (remote access) network ports. This does not affect connections to the Internet at all: it simply helps to stop unwanted or unauthorised connections from the Internet to your equipment.
Blocking Windows NETBIOS/SMB/CIFS ports
Access to some common (but rarely used) Microsoft Windows file sharing service ports (often used by computer 'worms' and viruses to attack Windows PCs attached to the Internet) are blocked.
Note: This does not block you from using file sharing on your home computer network, or from using popular Internet file sharing applications.
Outbound email via Internode mail servers only
Outbound email (email that you send out to other people using the email SMTP protocol) needs to be sent via the normal Internode mail servers (mail.internode.on.net or securemail.internode.on.net).
The network firewall prevents the use of other email servers to send email, except for browser based (webmail) email services. Note this does not affect incoming email (email that you receive from other servers, places, and people).
In what specific cases would I want to turn the firewall off?
Generally, most customers should be able to leave the firewall turned on at all times, and we encourage customers to take advantage of this protection and leave the firewall enabled. However with the expanded set of port blocks that are now in effect, some customers who currently have the Firewall enabled may need to turn it off.
Note: if you don't understand any of what follows, you should leave the Network Firewall turned on.
Examples of when you may need to turn the firewall off include:
- when running a server (which requires people on the Internet to access it) on the service in question, specifically:
- a HTTP or HTTPS web server on ports 80 and/or 443
- an SMTP email server on port 25
- a TELNET or SSH shell server on ports 22 and/or 23
- for remote (from the Internet) web or shell access to a broadband modem or router on this service
- for remote (from the Internet) proxy server access on ports 3128 and/or 8080 on this service
I'm not sure if this will affect me…
I have a Home or Residential plan
The network firewall is enabled by default for customers on Home/Residential plans.
For existing customers: If you've previously disabled the Network Firewall or Port Blocking, your existing setting will be maintained.
I have a SOHO, Power Pack, Static IP Pack or Business plan
The network filter is turned on by default for Home/Residential plans only.
If you are using any Static IP type plan or service from Internode (SOHO, Power Pack, Business, Corporate, etc.), the Network Firewall is disabled by default.
You can however choose to enable the Network Firewall functionality via My Internode, if you so wish.
I have a plan with a Static IP address
If you are using any Static IP type plan or service from Internode (SOHO, Power Pack, Static IP Pack, Business, Corporate, etc.), the Network Firewall/Port Blocking is disabled by default.
I VPN into my company/work network
The Network Firewall should not prevent you from connecting to a VPN, and as long as your traffic passes over the VPN connection, the firewall will not affect you.
This means, for instance, that if you VPN into your company network and send email via the company email server, it will continue to work fine without any need to disable the Internode Network Firewall for your service.
Servers, Remote Access and Web
I want to be able to connect to websites
The Network Firewall does not affect your ability to connect to websites or web proxy servers from your Internode service.
I run a web and/or email server on my service
If you run your own web (HTTP/HTTPS) or email (SMTP) server on your Home or Easy service, you should disable the firewall.
Remote management and access to my server or broadband router
If you run a personal server or broadband router on your Home or Easy service that you need to access from the Internet (remotely) via Telnet, SSH, HTTP, or HTTPS, then you should disable the Network Firewall.
I use Microsoft Windows Remote Desktop or VNC
Windows Remote Desktop and VNC ports are not filtered and are not affected by the firewall.
Sending and Receiving email
I use Gmail, Hotmail, or Yahoo mail via my web browser
The firewall does not affect your ability to use browser based email access (often referred to as webmail).
If I receive email from another server (POP3 or IMAP)
The firewall does not affect incoming POP3 or IMAP email.
The firewall only affects outgoing (SMTP) email (email that you send out), and it only impacts that if you decide not to use the Internode mail server for sending email (SMTP).
The Network Firewall does not affect sending email through browser-based (webmail) systems.
I use an email address from another provider and I send and receive email using their mail servers from my email program
If the firewall is enabled, you will be unable to send email directly via another provider's email servers.
In this case, you have two options:
- Turn off the Network Firewall.
- Configure your outgoing mail (SMTP) server setting to send via Internode's email server (mail.internode.on.net)
Note that if you use a webmail system (for example, Internode webmail, your company's remote access webmail, Gmail, or Hotmail) to access email, this is completely unaffected by the firewall. You don't need to disable the firewall to use web based email services. There is absolutely no impact on connecting to services on the Internet using HTTP or HTTPS (ports 80 and 443).
I run an Email server on my Home or Easy service
If you run your own SMTP email server, you have two options:
You can do one of two things:
- Turn off the firewall—if you need to send email direct to remote Internet hosts via SMTP, instead of using the Internode mail server as your outbound relay, or
- Configure Internode's email server (mail.internode.on.net) as the outgoing 'smarthost'—this will configure your mail server to send all email out via Internode's mail servers.
I run an Email SMTP server on my Laptop/Notebook computer to send email.
First, make sure you really are running an SMTP email server on your laptop.
If you are just using your laptop to send SMTP email to the Internode mail servers from your chosen laptop mail client, you have absolutely no problem to solve.
If you definitely run an SMTP server on your laptop, you can do one of two things:
- Turn off the Network Firewall/Port Blocking on your Internode connection, or
- Configure your outgoing email client to use authentication and SSL (Secure Email Settings), this will allow you to send email from any connection, anywhere, regardless of whether you're connected to the Internode network or not. We highly recommend this option.
File Sharing
I use Internet file sharing or peer-to-peer (P2P) file sharing applications
The Network Firewall does not impact or block these types of applications.
I send email out with a FROM address set to something other than my Internode address
As long as the email is sent via the Internode email servers (mail.internode.on.net or securemail.internode.on.net) you won't be affected.
I use "some other program"—any problem likely?
Does the program you use:
- Require users from the Internet to connect to a system on your Internode service on ports 80, 443, 22, 23, 8080, or 3128, or
- Send email out using the SMTP protocol on port 25, directly to other email servers (not via Internode's email servers), or
- Use the Windows NETBIOS, SMB, or CIFS protocols across the Internet?
If it doesn't do any of the above, then it's extremely unlikely that the Internode Network Firewall will affect your program. If it does, then you can just disable the firewall through My Internode.
Will the firewall affect anything on my own local network?
No, the Internode Network Firewall will not affect anything on your local network. The firewall only applies to traffic sent and received to and from the Internet.
Further general questions
Can you make other firewall options available?
Not at this time.
We may revise the options available in the future, but for the time being and for simplicity, the only options are "On" or "Off".
It's important to appreciate that this is only a basic network 'firewall', not an advanced firewall.
It is simply a filtering process to reduce the incidence of some very common forms of network 'attack'. The outbound email (SMTP) filtering is intended to reduce the impact that virus-compromised computers sending spam are able to have on other Internet users (and on you, due to load on your computer and your Internet connection).
The Network Firewall is designed to have zero impact for most Internode customers (other than increasing security and stamping out some computer viruses and spam).
Can I just have the port filtering but not the mail blocking or vice versa?
Not at this time, see above.
In the event you have specific requirements that mean that any of these things do impact you, simply turn the Network Firewall off.
What specific ports are you filtering?
Outbound
Outbound means: Connections or requests that you or your computers make to the Internet from your Internode service.
| Port 25 | SMTP to anywhere except mail.internode.on.net. |
| Windows File Sharing | |
| Port 135 | RPC |
| Port 137 | NetBIOS |
| Port 138 | NetBIOS |
| Port 139 | NetBIOS |
| Port 445 | SMB/CIFS |
| Port 2855 | MSRP |
Inbound
Inbound means: Connections or requests originating from the Internet into your home or business network via your Internode service.
Anything else filtered?
No.
Internode may occasionally revise what is covered by the Network Firewall, should other ports become a specific and common attack vector for widespread, malicious worm/virus software.
Any permanent updates to the firewall will be noted on this page and also in the Network Firewall settings in My Internode.
Any temporary additions to the firewall (to deal with a new network 'worm' or similar) will be notified in an advisory.
I don't want you to firewall anything—can I turn it off?
Yes, login to My Internode, then select the "Network Firewall Settings" menu item (this may also be called "Port Blocking"), and then turn it off.
Please note: It may take up to one hour for changes to the firewall settings to take effect. If you don't think the firewall settings have taken effect after an hour, please reset your ADSL router/connection once, and this should pick up the updated configuration for your service.
When I login to My Internode, I don't see the option to change my network firewall settings, where is it?
If you don't see the "Network Firewall Settings" option in the "My Services" column, then the Network Firewall is not applicable to your service. This also means your service is not affected at all by the Network Firewall.
Note: You can enable or disable the Network Firewall/Port Blocking separately for different broadband accounts, and for any other eligible Internet accounts. The setting is not global for all your separate accounts and service types (even if you use the same username).
When you login to My Internode, (if applicable) choose the appropriate service type (for example, 'Broadband', 'NodeMobile', 'Dialup') to view the settings for that service.
