Router Firewall Settings

Discussion in 'other firewalls' started by Escalader, Dec 14, 2009.

Thread Status:
Not open for further replies.
  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    In this forum we always talk 99% about software firewalls. As I am slowly setting up a wireless network using WPA2 I opened up the router User Guide and found this information on enabling filtering with the router.

    I hope this thread can remain here as the linkage to SW FW's is obvious. What the router can't filter presumably would be handled by the SW FW.

    This happens to be a Linksys WRT160N router but this fact IS NOT the point of this thread.

    I would like to get some solid feedback from the technical experts here on the wisdom or not of enabling some of these features to take load away from my Notebook Software Firewall and possibly provide 100% certainty on the filtering.

    If anybody has any authoritative links on how to exploit router-based firewalls please provide them, or even better, if anybody has done this themselves and knows the dos and don'ts.


     
  2. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Make sure you change the password. It is often set as "administrator" as the default setting.
     
  3. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Yes, that's correct.

    I was trying to ask about the HW FW settings in the router itself! You can block certain protocols, thus saving effort by the SW FW from detecting and blocking them!
     
  4. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    With Linksys, it's "Admin"

    Most newer models of Linksys, user/pass is admin/admin
    Older models..user/pass was <blank>/admin
     
  5. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    By default all home grade routers put any/all PCs behind them behind their NAT firewall, so all 65,000 plus ports are closed, your PC is hidden from the internet. You have to actively bypass that to get ports exposed by doing port forwarding....or by doing the insane "DMZ".

    Default settings..fine. Make sure firmware is later version, sit back and enjoy.
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    I would not filter java or activeX since I think it would degrade the browser experience, though you can always just try it and see what the impact is. As noted you want to change the logon credentials for the router settings. I would also disable "remote administration" which enables access to the router settings over the internet (if the router has that option). Some folks recommend disabling UPnP (universal plug and play) since malware could use this to compromise the firewall. If you don't need the various VPN (tunneling) features turn those off as well. If you have a static IP you could use a DNS filtering service, such as OpenDNS, to block various dangerous categories of web content (porn, violence, etc). If you have a dynamic IP you could still use OpenDNS filtering, but on the desktop instead of the router (using their dynamic IP monitoring software). Hope this helps.
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Yes, thanks it does help. I already use OpenDNS so that works for me. On the java and activex I agree those I will manage via the FF white lists.

    Where I flounder (never being a network guy) is this tunneling matter. Does W 7 rely on that? How do I know if I'm using it NOW and just don't know? :oops:

    I have Nod32 V4, OP 6.7.1, FF but apart from that I can't figure the tunnelling.
     
  8. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Are you talking about the VPN options? Those are compatibility modes to allow certain types of VPN traffic to "pass through" the NAT unmolested. NAT is not friendly to VPN traffic, so those switches allow you to have the router handle the VPN traffic in special ways so the VPN client doesn't balk with errors. PPTP VPN was notorious for this, so routers came out with settings to allow the type of PPTP VPN packets..IP type 47 GRE, to pass through NAT unmolested. Not related to your security.
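
Added example, not part of the post above: a short Python sketch of why PPTP's GRE data packets (IP protocol 47) need a router "passthrough" setting while the TCP control channel does not. The packets are constructed samples, the function names are hypothetical, and keying on the PPTP Call ID is an assumption about how PPTP-aware NATs typically track sessions.

```python
import struct

TCP, UDP, GRE = 6, 17, 47      # IANA IP protocol numbers
PPTP_GRE_PROTO = 0x880B        # protocol type in PPTP's enhanced GRE header (RFC 2637)

def nat_key(packet: bytes):
    """Return (kind, value): what a NAT can use to map this IPv4 packet to a LAN host."""
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    proto = packet[9]                      # IP protocol field
    payload = packet[ihl:]
    if proto in (TCP, UDP):
        # TCP and UDP both begin with source and destination port
        return ("ports", struct.unpack("!HH", payload[:4]))
    if proto == GRE and len(payload) >= 8:
        flags, ptype = struct.unpack("!HH", payload[:4])
        if (flags & 0x0007) == 1 and ptype == PPTP_GRE_PROTO:
            # Enhanced GRE (version 1): key field = payload length + Call ID
            _payload_len, call_id = struct.unpack("!HH", payload[4:8])
            return ("pptp-call-id", call_id)
    return ("none", None)                  # no ports: nothing a generic NAT can track

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed 20-byte IPv4 header (checksum left at 0; not verified here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 168, 1, 100]), bytes([203, 0, 113, 10])) + payload

# Constructed samples: PPTP control (TCP 1723), PPTP data (GRE v1), plain GRE v0
SAMPLE_PPTP_CONTROL = ipv4(TCP, struct.pack("!HH", 49152, 1723) + bytes(16))
SAMPLE_PPTP_DATA = ipv4(GRE, struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, 0, 7, 1))
SAMPLE_PLAIN_GRE = ipv4(GRE, struct.pack("!HH", 0x0000, 0x0800) + bytes(20))

if __name__ == "__main__":
    for name, pkt in [("PPTP control", SAMPLE_PPTP_CONTROL),
                      ("PPTP data", SAMPLE_PPTP_DATA),
                      ("plain GRE", SAMPLE_PLAIN_GRE)]:
        print(f"{name:13s} -> {nat_key(pkt)}")
```
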
     
  9. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    The tunneling options have to do with VPN (virtual private networking). You would only need to configure those options if you needed to connect to your own computer remotely to access your data, etc. If you don't need to do that you can turn off those features in the router.
     
  10. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Or if you VPN from home (behind the router)...to a location out on the internet, such as your office.
     