Firewalls and A4Proxy

A4Proxy cannot substitute for a firewall. Although A4Proxy effectively handles all requests coming to the ports it has opened itself, it cannot watch other ports, so it is a good idea to run additional firewall software along with A4Proxy.

There are several considerations to take into account when configuring the firewall.

Surfing through A4Proxy requires that A4Proxy have access to the Internet: at least ports 80, 8080 and 3128 must be open for outgoing (outbound) traffic. In fact, a website can operate on any port, so it is better to open all ports for outgoing traffic for A4Proxy, just like you do for your web browser.
Checking proxies for anonymity involves a special technique: A4Proxy makes the proxies connect to your own computer as if it were a web server. This allows A4Proxy to analyze proxies for anonymity very thoroughly, but at the same time it requires that some inbound traffic be allowed to pass through the firewall.
In order to communicate with your web browser, A4Proxy uses the port selected in the Browser Port option. By default the value is 80 (the same as the default value of the Check Port). The Browser Port is always open for the programs that run on the same computer where A4Proxy is installed.
Note that during the checking, requests come to your computer from the “outside”, unlike ordinary browsing, when requests go from your computer to the destination servers. Incoming requests are never required for ordinary surfing and therefore they are often blocked by firewalls and sometimes by providers.

A4Proxy uses the port selected in the Check Port option on the Proxy Options tab for Loopback proxy checking (you will see incoming requests on port 80 if you haven’t changed that port). A4Proxy also tests proxies for support of the Secure HTTP and FTP protocols, using ports 443 and 21 respectively. These additional tests are run if you check the option “Reset Data” on the Proxy Options tab AND the option “Check for HTTPS/FTP support on reset data” on the Proxy Options tab. The ports are open only during the checking.

How you should set up your firewall depends on how often you prefer to check proxies. The simplest strategy would be to disable the firewall completely for the period of checking proxies (a few minutes) and then, after the proxies have been tested, enable the firewall again. If you check proxies quite often, you can enable inbound traffic on the port selected in the Check Port option in A4Proxy: this is the port used for ordinary checking. Checking for HTTPS/FTP support takes some time and needn’t be performed often; in fact, it is enough to test this only once for a proxy: although the speed and anonymity of proxies may change (especially speed), support for these protocols will hardly change. You can create special rules in your firewall to enable inbound traffic on ports 21 and 443, but it is much simpler to just disable the firewall in those rare cases when you do check proxies for HTTPS/FTP.
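
Because the ports above are meant to be reachable only while proxies are being checked, it is worth confirming afterwards that they are closed again. The following is an added example, not part of A4Proxy or of the original page: a small Python check, meant to be run from a second machine against the address of the A4Proxy computer, that lists which checking ports still accept inbound TCP connections. The function names are hypothetical, and the demo at the bottom uses a constructed loopback listener in place of a real Check Port.

```python
import socket

# Ports named on this page: default Check Port 80, plus 443 and 21 for the
# optional HTTPS/FTP support tests.
DEFAULT_CHECK_PORT = 80
HTTPS_FTP_TEST_PORTS = (443, 21)


def accepts_tcp(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unreachable: all count as closed.
        return False


def still_reachable(host, check_port=DEFAULT_CHECK_PORT,
                    extra_ports=HTTPS_FTP_TEST_PORTS, timeout=2.0):
    """List the checking ports that still accept inbound connections."""
    ports = [check_port] + [p for p in extra_ports if p != check_port]
    return [p for p in ports if accepts_tcp(host, p, timeout)]


if __name__ == "__main__":
    # Constructed demo: a throwaway loopback listener stands in for a
    # Check Port left open. In real use, pass the A4Proxy computer's
    # address and run this from a second machine.
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(5)
        port = srv.getsockname()[1]
        print("during check:", still_reachable("127.0.0.1", port, ()))
    print("after check: ", still_reachable("127.0.0.1", port, ()))
```

An empty list after the firewall has been re-enabled means none of the checking ports is reachable from where the script was run.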

BlackIce Defender firewall.

You need to set BlackIce to Trusting mode when you check proxies.

Open the Configuration dialog, here’s how to do it: http://advice.networkice.com/Advice/Support/KB/q000019/default.htm
Set the protection level on the Protection tab to Trusting http://advice.networkice.com/Advice/Support/KB/q000020/default.htm
Check all proxies.
Set the protection level back to the initial state.

ZoneAlarm firewall.

You need to allow A4Proxy to function as a server in order to be able to check proxies. Please enable the appropriate settings in the ZoneAlarm Control Center, on the Programs tab. In addition to that, during the proxy tests, you must have the “Block Internet Servers” option unchecked on the Security tab in ZoneAlarm.

Windows XP built-in firewall.

You may need to configure the firewall built into Windows XP so that A4Proxy will be able to check proxies.

In your dial-up connection settings, click the Properties button (fig.1), go to the Advanced tab (fig.2), and then, if the option called “Protect my computer and network by limiting or preventing access to this computer from the Internet” is enabled (which means the built-in firewall is activated), press the Settings… button at the bottom of the dialog box. Another dialog box will appear, with a list of current firewall rules (fig.3). Press the Add button there; yet another window will appear, with two radio buttons and four fields (fig.4).

In the Description of Service field, enter “A4Proxy Check” or something similar.
Name or IP address… – 127.0.0.1
External port number for this service – enter the port number selected in A4Proxy in the option called “Check Port” (Proxy Options tab in A4Proxy). Note that the example (fig.4) illustrates the fact that A4Proxy allows you to change the Check Port to any value, so in your case the port number may be different from the one shown in the picture. Look at the Check Port setting in A4Proxy to find out your current port number.
Internal Port number for this service – leave empty.
Set the radio button to the TCP setting (which is the default option anyway).