Router Firewall Settings

In this forum we always talk 99% about software firewalls. As I am slowly setting up a wireless network using WPA2 I opened up the router User Guide and found this information on enabling filtering with the router.

I hope this thread can remain here as the linkage to SW FW's is obvious. What the router can't filter presumably would be handled by the SW FW.

This happens to be a Linksys WRT160N router but this fact IS NOT the point of this thread.

I would like to get some solid feedback from the technical experts here on the wisdom or not of enabling some of these features to take load away from my Notebook Software Firewall and possibly provide 100% certainty on the filtering.

If anybody has any authoritative links on how to exploit router based firewalls please provide it or even better if anybody has done this themselves and know the dos and don'ts.

 

Make sure you change the password. It is often set as "administrator" as the default setting.

 

Yes, that's correct.

I was trying to ask about the HW FW settings in the router itself! You can block certain protocols thus saving effort by SW FW from detecting and blocking them.!

 

With Linksys, it's "Admin"

Most newer models of Linksys, user/pass is admin/admin
Older models..user/pass was <blank>/admin

 

By default all home grade routers put any/all PCs behind them behind their NAT firewall, so all 65,000 plus ports are closed, your PC is hidden from the internet. You have to actively bypass that to get ports exposed by doing port forwarding....or by doing the insane "DMZ".

Default settings..fine. Make sure firmware is later version, sit back and enjoy.

 

.
I would not filter java or activeX since I think it would degrade the browser experience, though you can always just try it and see what the impact is. As noted you want to change the logon credentials for the router settings. I would also disable "remote administration" which enables access the router settings over the internet (if the router has that option). Some folks recommend disabling UPnP (universal plug and play) since malware could use this compromise the firewall. If you don't need the various VPN (tunneling) features turn those off as well. If you have a static IP you could use a DNS filtering service, such as OpenDNS, to block various dangerous categories of web content (porn, violence, etc). If you have a dynamic IP you could still use OpenDNS filtering, but on the desktop instead of the router (using their dynamic IP monitoring software). Hope this helps.

 

Yes, thanks it does help. I already use OpenDNS so that works for me. On the java and activex I agree those I will manage via the FF white lists.

Where I flounder ( never being a network guy) is this tunneling matter. Does W 7 rely on that how do I know if I'm using it NOW and just don't know?

I have Nod32 V4, OP 6.7.1, FF but apart from that I can't figure the tunnelling.

 

Are you talking about the VPN options? Those are compatibility modes to allow certain types of VPN traffic to "pass through" the NAT unmolested. NAT is no friendly to VPN traffic, so those switches allow you to have the router handle the VPN traffic in special ways so the VPN client does balk with errors. PPTP VPN was notorious for this, so routers came out with settings to allow the type of PPTP VPN packets..IP type 47 GRE, to pass through NAT unmolested. Not related to your security.

 

.
The tunneling options have to do with VPN (virtual private networking). You would only need to configure those options if you needed to connect to your own computer remotely to access your data, etc. If you don't need to do that you can turn off those features in the router.

 

Or if you VPN from home (behind the router)...to a location out on the internet, such as your office.