IP addresses make data transfers in the Internet possible. However, the number of IP addresses available in the world is limited. IPv6 is the new version of a protocol that specifies the IP address format, among other things. Read on to find out how to activate IPv6 and how to authorise incoming and outgoing connections.
The Internet-Box offers personal expert settings for network and IP addresses. To make changes to these settings, enter “http://internetbox” or “192.168.1.1” in your browser and log in with your Internet-Box “admin” password. Switch to expert mode and select the menu item “Network”. IPv6 is activated as standard on the Internet-Box when using the standard IPv6 firewall level.
Firewall level setting
The firewall offers protection to your home network from unauthorised access via the Internet. To specify the incoming and outgoing connections that you would like to authorise, you can select from a range of firewall levels or define rules manually. The strict level is set for all Internet-Boxes by default (from Internet-Box release 11.3). The following provides a description and a brief explanation of the different levels:
- Deactivated: Only one basic data traffic control is activated to protect against invalid and harmful data traffic because the firewall has been deactivated. This mode is not recommended.
- Standard: If the “standard” firewall level is activated, IPv6 data traffic is permitted in both directions (incoming and outgoing) with the exception of a group of standard protocols. IPv4 data traffic can only be initiated from the home network to the Internet.
Other basic data traffic controls are activated to protect against illegal and harmful data traffic. - Strict: If the “strict” firewall level is activated, IPv6 data traffic is permitted in both directions (incoming and outgoing) with the exception of a group of standard protocols. IPv4 data traffic can only be initiated from the home network to the Internet.
Other basic data traffic controls are activated to protect against illegal and harmful data traffic. - User-defined (Advanced): You can configure the firewall settings independently.
User-defined firewall settings
- Go to “User-defined” and click “Configure” to define your rule.
- Click the dropdown menu and select an option to define a basic procedure.
For IPv4, “Permit outbound IPv4 data traffic” is the default setting
For IPv6, “Block incoming / Allow outgoing” is the default - Click “Save”
- If you wish, you can add a rule; to do so, click “Add new rule”.
- You now have two options to choose from. The default setting allows you to create your own rule for each aspect. For a user-friendly configuration, opt for one of the predefined rules. Select it from the dropdown list underneath.
- If you select predefined rules, you will still be able to change parameters such as protocol, port and procedures. You can now also define rules for individual devices.
- Click “Save” to define and activate the rule.
LAN protocols
There are two categories: Firstly, the “LAN protocols”; that is, protocols that can typically be used only within the same local network, but not over the Internet. By default, the firewall blocks these protocols in both directions, incoming and outgoing.
|
Description |
Short name |
Port Number |
Transport protocol |
|
Kerberos |
kerberos-sec |
88 |
TCP/UDP |
|
SUN Remote Procedure Call |
sunrpc |
111 |
TCP |
|
Microsoft Remote Procedure Call |
msrpc |
135 |
TCP |
|
NETBIOS Session Service |
netbios-ssn |
139 |
TCP |
|
Microsoft SMB Domain Server |
microsoft-ds |
445 |
TCP |
|
Remote Login |
login |
513 |
TCP |
|
Remote Shell |
shell |
514 |
TCP |
|
Apple Filing Protocol |
afp |
548 |
TCP |
|
Internet Printing Protocol |
ipp |
631 |
TCP |
|
Simple Service Discovery Protocol |
ssdp |
1900 |
UDP |
|
Simple Service Discovery Protocol |
ssdp |
2869 |
TCP |
|
Web Services Dynamic Discovery |
upnp-discovery |
3702 |
UDP |
|
Multicast DNS |
mdns |
5353 |
UDP |
|
Link-Local Multicast Name Resolution |
llmnr |
5355 |
UDP |
Remote maintenance protocols
Secondly, there is the group of “remote maintenance protocols”. These allow other devices to be accessed over the Internet (remote maintenance). The firewall allows these protocols in an outbound direction (e.g. http port 80, used for normal web surfing). They are blocked in the inbound direction to the home network.
|
Description |
Short name |
Port Number |
Transport protocol |
|
Secure Shell Login |
ssh |
22 |
TCP |
|
Telnet |
telnet |
23 |
TCP |
|
Web GUI |
http |
80 |
TCP |
|
Microsoft Remote Desktop Protocol |
ms-wbt-server |
3389 |
TCP |
|
Virtual Network Computing |
vnc |
5900 |
TCP |
Do you have any questions or need help with setup? The Swisscom Community will be happy to assist; simply leave a comment below.
