an applicable FAQ
(<-linky) from the outpost firewall forum. a few years old but still generally applicable.
... Scans with a Router
If your Internet connection uses a router (an option for xDSL, cable and satellite connections - not dial-up however) then that router will have its own Internet address and will use Network Address Translation (NAT) to amend packets allowing you to share the Internet connection between several computers. This is an advantage security-wise since the router will be visible on the Internet rather than your computer, but it can make certain applications and online scans harder to set up.
In this case, check the router's configuration - many can be set to give "stealthed" ports but the exact details will depend on the make and model of router. If you do not have appropriate documentation on this, then try an Internet search to see what other users have done.
To scan your PC (and Outpost) you will need to either:
Scans with Proxy Servers
- Reconfigure your router (temporarily!) to pass all incoming packets to your computer - this may be refered to as creating a DMZ, DeMilitarized Zone, or Port Forwarding (for all ports) or;
- Disconnect from your router and use a dial-up connection for the duration of the test only.
If you do not use a router but still have different IP addresses reported, then the next most likely cause is a proxy server. These are common in work or school environments and may be used by some ISPs. In such a case, there may no easy method of obtaining a direct connection, other than attempting a dial-up connection (with another ISP if possible). If in doubt, contact the proxy administrator. ISP Filtering
There have been cases of people getting "Closed" results for certain ports without having a router or proxy server. In such cases, it is possible that the ISP is blocking some ports and returning an error message in order to prevent the spread of certain worms or trojans. This is most likely for ports widely used by such worms - notably 135-139 and 445.
if you run the grc steallth test, the section of the results page below the graphic goes into more detail on why you might pass without any apparent hardware or software protection. worth reading the whole thing.
while a hardware router/firewall in general offers excellent protection from the outside, it does not protect you from threats inside the firewall, ie. other pc's on the network and/or software that communicates from inside.
i use a software firewall to take care of that aspect, and it also covers a number of other aspects of malware protection, such as HIPS, IP blocking via lists of bad sites, registry and system file protection, anti-leak protection from unpatched exploits, etc. that the hardware firewall does not.
windows 7's upgraded firewall will now cover outgoing, but is quite difficult to configure and manage effectively.
all in all, a layered defence is still a good choice, tho some may not need all the layers. depends on your level of perceived threat and past experience with removing infections or having been a victim of more malicious stuff.
i am of course prejudiced as to which third party firewall to use.