Firewall & Port Basics

Gaming in general is fun, but there's something about multiplayer gaming that's
even more enjoyable. Perhaps it's the satisfaction of realizing that the car
you just passed in the last lap is being driven by a real person, like you, and
not some computer program.

But the Internet connection that makes gaming so much fun also serves as a
doorway through which nefarious hackers can send malicious code, causing havoc
with your computer. Broadband users are especially fertile targets for bad
seeds. That's why a firewall is so important. A good firewall, such as Internet
Connection Firewall (ICF) that comes with Windows XP, protects your computer
from attacks.

A firewall works by blocking communication ports that are used to transfer
data to and from your PC. However, games (and all applications that work over
the Internet) use those ports to communicate. This raises some questions that
we frequently encounter on message boards and in the Usenet: how does a
firewall affect the performance of online gaming? What do you have to do to
enjoy online gaming with a firewall in place? I'll answer these questions in
this article.

How Ports Work
To get the most out of online gaming through a secure connection, you have to
have some idea of how games communicate over the Internet and how a firewall
works. Don't worry; this discussion won't get inaccessibly technical. I'll
stick to layman's terms. To start with, let's look at how programs talk to
each other over the Internet. All Internet-aware programs communicate with
each other through ports. What, exactly, is a port?

Think of your Internet connection as a water conduit. But instead of thinking
of it as one big pipe, picture it as a conglomeration of thousands of small
pipes: 65,535 of them, to be exact. That is the number of Internet ports
through which communications can take place.

Different services use different ports—the assignment of which service uses
which port is more or less arbitrary. For example, World Wide Web communi-
cations use port 80. Why port 80? Because a few years ago, a bunch of
Internet-related people got together and decided that that's how it would be.
Similarly, SMTP e-mail traffic uses port 25. Those same people decided that
that's how that would go, and so on. These and other services use protocols
to transmit and receive their data through these ports. Two protocols that
they use are Transmission Control Protocol (TCP) and User Datagram Protocol
(UDP).

The 65,535 ports are divided into three groups: Well Known Ports (ports 0
through 1023), Registered Ports (ports 1024 through 49151), and Dynamic or
Private Ports (all the rest). A list of port numbers and what services
commonly use them is kept up by the Internet Assigned Numbers Authority.

Like other services, the Internet components of games use ports and protocols
to communicate over the Internet. When you play Halo online with a bunch of
other people, it has to transmit your keyboard and mouse-click data to the
server so it can tell when you move around or fire your weapon. In turn it
has to transmit world data back to your computer so you can see where other
people move so you can aim at them and chase them around. Halo and other
multiplayer games like the Quake family, Half-Life and mods such as Team
Fortress Classic and the popular Counter-Strike, Medal of Honor: Allied
Assault, Battlefield 1942 send their data down ports and listen for data from
the same or other ports. Game matchmaker services like GameSpy Arcade also
use ports to communicate.

Firewalls block ports. They are, by their very nature, communications-
blocking applications. By closing off ports, they prevent malicious entities
from gaining access to your computer through your Internet connection. But
doesn't that mean they also block traffic for benign applications that you
want to have access to the Internet, such as your Web browser, your e-mail
application, and online games?

The answer is sort of. Picture a computer firewall in terms of its namesake.
A firewall in construction terms is a specially insulated wall between office
suites or apartments, which prevents fires in one suite from spreading to the
next suite. But sometimes builders want water or electrical conduits to pass
through the firewall. That's easy enough—they just poke a hole through the
wall, run their conduit through, and insulate around it. Computer firewalls
let you do just that. They let you open specific ports while keeping other
ports sealed off.

Gaming through ICF
So when do you need to open ports? Believe it or not, when you want to play
client-server games like Return to Castle Wolfenstein or Call of Duty on a
distant server, you don't have to open any ports. That's because firewalls
block data coming in, but not going out. When your PC sends handshake data
out to the server, a connection is established, and once that connection is
fired up, it allows your game to communicate through the firewall.

However, when you wish to host a multiplayer session or play a peer-to-peer
game like Age of Empires, you do have to do a little footwork. In the case
of starting a server, your PC does not initiate a connection. When you start
up a game and choose to host a server, it just sits there and waits for other
computers to connect to it. When ICF is in place, those other computers can't
connect. In fact, they can't even see that your PC is hosting a server.
You'll have to open one or more ports to allow other players to connect to
your server. Such is also the case with peer-to-peer games, in which each
participant has to connect to everyone else's computer. Thankfully, most
games use a client-server implementation.

To open ports in your ICF firewall:
1) Click Start, click My Network Places, and under Network Tasks, click View
network connections.
2) Right-click the connection that you use for the Internet, and then click
Properties.
3) On the Advanced tab, click Settings, and then click Add.
In the Description of service box type a name for the port you're opening. For
example, "Halo Server."
4) In the Name or IP address of the computer hosting this service on your
network box, type 127.0.0.1.
5) In both the External Port and Internal Port boxes, type the port number you
want to open.
6) Click either TCP or UDP, and then click OK. If you're unsure, repeat the
process for both protocols.

If you choose to make things easier, you can opt to turn off ICF when hosting
a game and turn in it back on when you're done. However, this leaves your
computer vulnerable while your PC is acting as the game server.

Which ports do you open? Different games use different ports and some use TCP,
some use UDP, and some use both. You can often find out which ports are used
by a given game by consulting the game's documentation, its Readme file, or by
visiting its Web site and checking the FAQ pages. Some games make port
information readily accessible, and for others, it's hard to come by. You
might try visiting a game's Usenet group or the message boards at its official
site or fan sites and posing the question: which ports do I open to host a
server? In some cases, you'll not only have to open ports for the game's own
needs, but also to meet the needs of its matchmaker service, so that your
server can be listed in other players' server browsers.

Be sure to close the affected ports when you're not hosting a gaming server
to keep your connection secure. That sounds like a lot of footwork, but it's
worth it to keep your computer safe.

For more information check out http://www.tornadocomputers.com