Firewalls permit or deny network transmissions based upon a set of rules and are frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.
Firewalls filter communication based on IP address and port. They will often block all communication unless specific applications are permitted to pass. This block is typically one way. A computer behind a firewall can send outgoing requests but does not accept incoming connections on blocked ports.
There are two main levels of firewalls that you should be aware of.
- Local Software Firewall: There may be a firewall installed on your system. Depending on its security settings, you may need to open the firewall control panel and allow access on the incoming port before the system will accept incoming requests, even from the local network.
- Network Firewall: There is probably a network firewall that filters communications from the internet. This is controlled by the network administrator.
When to Open a Port:
You should only open ports if the situation requires it. Keep in mind that only incoming requests are blocked by a firewall. This means that an application can still communicate outward. This is why typically only the server needs an open incoming port, as both the sources and sinks will direct their requests at the server.
Picture the following scenarios. In each scenario one of the two devices will be behind a firewall blocking port 3333, which DataTurbine is using to communicate. The other device will allow connections on the port.
- Source behind a firewall communicates with server with an open port.
It works! The source initiates the connection and the server accepts it since its ports are open.
- Source with an open port tries to communicate with a server behind a firewall.
No connection is made, as the source tries to set up a connection but all incoming connections on port 3333 are blocked on the server.
- Sink with an open port tries to communicate with a server behind a firewall.
No connection is made, as the sink tries to set up a connection but all incoming connections on port 3333 are blocked on the server.
- Sink behind a firewall tries to communicate with a server with an open port.
It works! The sink initiates the connection and the server accepts it since it accepts incoming connections.
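To tell which of these scenarios applies from the machine that runs a source or sink, the following added example (not part of DataTurbine or the original page) attempts the same outbound TCP connection to the server's port 3333 and classifies the result. The function and constant names, and the host passed on the command line, are assumptions made for illustration.

```python
import errno
import socket
import sys

DATATURBINE_PORT = 3333  # port used in the scenarios on this page

# What each result suggests, in terms of the scenarios above (illustrative wording).
ADVICE = {
    "open": "server accepts incoming connections; sources and sinks can connect",
    "closed": "host answered but refused: server not running, or port actively rejected",
    "filtered": "no answer: a firewall is probably dropping incoming connections",
    "unreachable": "host name or route problem, not a port rule",
}


def probe_port(host, port=DATATURBINE_PORT, timeout=3.0):
    """Attempt a TCP connection the way a source or sink would.

    Returns "open", "closed", "filtered" or "unreachable" (see ADVICE).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # three-way handshake completed
    except (socket.timeout, TimeoutError):
        return "filtered"          # packets silently dropped on the way in
    except ConnectionRefusedError:
        return "closed"            # reset received: nothing listening there
    except socket.gaierror:
        return "unreachable"       # name lookup failed
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise


if __name__ == "__main__":
    # Usage: python probe.py <server-host> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else DATATURBINE_PORT
    state = probe_port(target, port)
    print(f"{target}:{port} is {state}: {ADVICE[state]}")
```

Run it from the network where the source or sink lives: a "filtered" result from outside the server's network combined with "open" from inside it points at the network firewall rather than the server's local one.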
Usually a single public IP is shared by multiple devices on a network. For larger institutions, multiple public IPs can service hundreds of clients. The router and firewall handle management of communication between the local network and the internet.
To accept incoming communications on a port of the public IP, the router needs to be configured to accept the connection and to forward it to a specific private IP and a port on that specific machine. Usually this is done by the network administrator, but it is important to understand this process to know what to ask for.
If you are the network administrator, we would highly encourage you to research port forwarding for your networking equipment. Good network architecture is critical to successful data management and delivery.