Ever installed a firewall only to find that you now loose your Internet connection for unknown reasons? If so then it may be that the configuration of the firewall is the problem.
Most ISP's (especially in the UK) provide Internet access using a dynamic IP address supplied via a DHCP server. An IP (Internet protocol) address is a unique address which is used to identify a device on the Internet so that IP packets can be transferred to and from it. When paying for a connection with an ISP you are normally paying for the lease of an IP address and also a method of transferring data over their network, for example a cable or xDSL modem.
As most users are not constantly connected to the Internet it is unnecessary to individually allocate each user their own IP address, instead they are leased one each time they connect to the Internet by the ISP's DHCP (Dynamic Host Control Protocol) server. Lease times vary between ISP's however they are generally around 24 hours and once a lease expires the DHCP server chooses to either renew the lease for the current IP address or issue a completely new IP address. If you would like to check your lease time then you simply need to view your IP information.
A firewall works by blocking ports and preventing unwanted data from travelling into or out of a computer system. When initially installed, a firewall may tend to block all ports on a system and alert the user when an application attempts to utilise them. For example the first time you load your web browser your firewall will most likely alert you that the application is attempting to utilise port 80 and will give the the options of allowing this conneciton, blocking the connection, or creating a rule which will be applied everytime the program makes a port 80 request. This process applies for all applications that make use of ports, for example email, news, FTP etc.
Whilst the firewall is doing a great job of controlling and restricting traffic flow it may in fact be blocking communication between your computer and your ISP's DHCP server. Why is this necessary you may ask, since I already have an IP address? Well there are several reasons, however the first most important is that your IP address is only on a lease, and although that lease may be 24 hours that doesn't mean that the DHCP forgets about you until the lease expires and then decides on what to do. Instead it regularly communicates with your system to ensure that you are still connected and utilising the IP address you have been leased, for example you may have simply switched off your modem! This communication occurs several times during the lease period and if a firewall is actually blocking this so called 'broadband heartbeat' then the DHCP server will mostly likely assume that you are no longer connected and revoke access via that IP address.
There is however a solution to this problem and this varies between firewalls but the principles remain the same. To allow constant, interupt free connection with your ISP's DHCP server then you must find the IP address of the DHCP server and add it, along with the associated subnet mask, to the list of trusted IPs that your firewall will allow. Once done you should be free from problems.
Stephen is a Cisco qualified network administrator for a leading University and is currently studying towards an MSc in Telelecommunications.