
120. Firewall 101

By Andrew D. Wright

Dear Mousepad:

I am confused. Some things I read say you should have a firewall. I have a router and think I am being told I don't need a firewall. Am I correct?

Bob Brown
Dartmouth, N.S.

 

One of our totally cool mousepads is in the mail to you for your question, Bob.

A router (pronounced row-ter with row sounding like cow) is a device used to connect networks together. It also acts as a firewall for incoming data packets.

Let's start with the basics. The Internet is a vast collection of computers all over the world that talk to each other using data packets. These data packets are addressed like an envelope and sent out from one computer to another.

Think of it like someone sending you a jigsaw puzzle through the mail with one or two pieces in each envelope. Eventually you get the whole puzzle.

Now imagine that the mail system is for a big apartment building. Each tenant would have their own mailbox and anything sent to the building not addressed to one of the tenants would get thrown away. That's basically what a firewall does.

On your computer there are 65,535 TCP (Transmission Control Protocol) ports that can be used for network communication. Each of these ports can send and receive data. Many of the lower-numbered ports have specific functions. Other protocols can also have ports or port ranges assigned to them.

For instance, when you use a web browser to get a web page from a server, your computer is talking to the web server on TCP port 80, the port set aside for web page traffic. Port 80 on the web server is open so requests for web pages can be received and served.

A router uses NAT, or Network Address Translation, to set up a protected subnet, a small local network. A computer behind the router on the subnet would only receive data packets it had asked for. All other data packets sent to the router from the outside world would simply be deleted.

In other words, routers act as natural firewalls for incoming traffic. Data packets used in network-based attacks on your computer will be silently destroyed by the router before they can ever get to your computer.

Rules can be set on the router to forward traffic to specific ports on specific computers on the protected subnet so that programs that need to use certain ports can do so.
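To make the last few paragraphs concrete, here is a toy model in Python of the table a NAT router keeps: replies to requests pass, unsolicited packets are dropped, and a forwarding rule opens one port to one computer. It is an added example, not part of the original column or any router's actual software; the class and function names and all addresses are made up for illustration, and it assumes the router matches replies on both the remote address and port, which real routers do with varying strictness.

```python
# Toy model of a home router's NAT table (constructed addresses, not a real router API).
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    next_port: int = 40000
    # public port -> (private ip, private port, remote ip, remote port)
    sessions: dict = field(default_factory=dict)
    # public port -> (private ip, private port), set by whoever administers the router
    forwards: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A computer on the subnet sends a packet out; remember who asked."""
        for pub, entry in self.sessions.items():
            if entry == (src_ip, src_port, dst_ip, dst_port):
                return pub  # conversation already known, reuse its public port
        pub = self.next_port
        self.next_port += 1
        self.sessions[pub] = (src_ip, src_port, dst_ip, dst_port)
        return pub

    def inbound(self, remote_ip, remote_port, public_port):
        """A packet arrives from the Internet; return where to deliver it, or None to drop."""
        entry = self.sessions.get(public_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]  # a reply to something a computer asked for
        if public_port in self.forwards:
            return self.forwards[public_port]  # explicit forwarding rule
        return None  # nobody asked for this packet: silently dropped


def demo():
    r = NatRouter()
    pub = r.outbound("192.168.1.10", 51515, "198.51.100.20", 80)  # browser asks for a page
    results = {
        "reply": r.inbound("198.51.100.20", 80, pub),
        "stranger_same_port": r.inbound("192.0.2.99", 80, pub),
        "unsolicited": r.inbound("192.0.2.99", 4444, 3389),
    }
    r.forwards[8080] = ("192.168.1.20", 80)  # rule: public port 8080 -> one computer
    results["forwarded"] = r.inbound("192.0.2.99", 4444, 8080)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20} -> {verdict or 'dropped'}")
```

The last case is the one to keep in mind when adding forwarding rules: once a port is forwarded, anyone on the Internet can reach that computer on that port.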

When setting up a router, be sure to change the default password to something secure and make sure that remote administration of the router is turned off. This is safer since it means a computer has to be physically plugged into the router to change any router settings.

A wireless router can set up a subnet using radio waves instead of network cables to connect the computers. It's a good idea to restrict access to this protected subnet using WPA (Wi-Fi Protected Access) or WPA2, and a strong password.

Firewalls can control outgoing traffic as well as incoming traffic. Controlling outgoing traffic means that a program on your computer that wanted to talk to the Internet would need to be approved first. This usually requires firewall software running on the computer itself.

 

Test open ports on your computer:

Shields Up! : http://grc.com/

 

Listing of Ports for Internet Service:

http://www.chebucto.ns.ca/~rakerman/port-table.html

 

Warriors of the Net (animated video on networks):

http://www.youtube.com/v/Ve7_4ot-Dzs&rel=1

Tip of the Chebucto chapeau to Chris Watt for the video recommendation.

 

The Mousepad runs every two weeks. It's a service of Chebucto Community Net, a community-owned Internet provider. If you have a question about computing, email mousepad@chebucto.ns.ca. If we use your question in a column, we'll send you a free mousepad.

 


 

Originally published 30 November 2007


 

