Linksys wifi router - config for minimum open ports



 
 
  #1  
Old December 15th 03, 05:42 PM posted to comp.dcom.sys.cisco,uk.telecom.broadband
Kirk Goins

I have a Linksys WRT54G at firmware 1.30.7 and it supports port
forwarding and filters based on "THE" outside IP of the router. You can
forward inbound ports to separate inside IPs. The filters can be used to
block/allow outbound traffic

Peter wrote:
I am about to get one of these (ethernet - ethernet/wifi product).

While it may seem bizarre to post this question before having it... it
will have to be configured for a fairly strict access list. The
following access list comes from a Cisco 803 router which works fine
in that application (www, email, ftp, sntp ONLY).

Is there an equivalent config for the Linksys?

When I bought the 803, the handbook contained basically a wide-open
ACL and this causes problems with today's constant Blaster etc
attacks. This is for a friend and I can't guarantee that every PC on
the wifi network will have the latest O/S patches...

outgoing:

access-list 100 permit tcp any any eq www
access-list 100 permit udp any any eq domain
access-list 100 permit tcp any any eq domain
access-list 100 permit tcp any any eq nntp
access-list 100 permit tcp any any eq pop3
access-list 100 permit tcp any any eq ftp
access-list 100 permit tcp any any eq ftp-data
access-list 100 permit tcp any eq ftp-data any
access-list 100 permit tcp any any established

incoming:
access-list 150 permit tcp any any established
access-list 150 permit udp host 195.8.69.7 eq ntp any
access-list 150 deny tcp any any eq ftp-data
access-list 150 permit tcp any eq ftp-data any
access-list 150 deny icmp any any echo
access-list 150 permit icmp any any
access-list 150 permit tcp any any eq ident
access-list 150 permit tcp any any eq smtp
access-list 150 permit udp any eq domain any
access-list 150 deny ip any any

Peter.
--
Return address is invalid to help stop junk mail.
E-mail replies to but remove the X and the Y.
Please do NOT copy usenet posts to email - it is NOT necessary.


  #2  
Old December 15th 03, 08:03 PM posted to comp.dcom.sys.cisco,uk.telecom.broadband
Walter Roberson

In article ,
Peter wrote:
:Is there a cross-reference somewhere so I can translate a Cisco IOS
:access list to the Linksys equivalent ?

You are assuming that the Linksys has a CLI. The device you are
trying to configure for has a GUI instead. There are known hacks for
that model that allow you to get down to a shell prompt (that particular
model runs Linux internally, but most Linksys devices do not),
but the hacks take a bit of effort.

What I gather from what I've read is that Linksys devices block
new incoming connections by default, and that there is a menu to allow
you to configure exceptions. If it works similarly to the Netgear
model I'm accustomed to, it's a pretty simple matter of configuring
an outside port number, an inside IP address, and an inside port number.
[I don't know if you can even control whether it is tcp or udp.] The
conversion would thus be (in PIX notation, not IOS, sorry)

static (inside, outside) tcp interface OUTSIDEPORT INSIDEIP INSIDEPORT netmask 255.255.255.255
access-list out2in permit tcp any interface eq OUTSIDEPORT

would become the table entry

tcp OUTSIDEPORT INSIDEIP INSIDEPORT

with there being no equivalent to using any destination other than
'interface' (the outside IP address). My Netgear (from a couple of
generations ago) had no equivalent in that table to using anything
other than 'any' as the source.

I know my old Netgear has a filter page, but I never had reason to use it.
For you, the only reason to use the Linksys equivalent would be for
enforcing your rule "permit udp host 195.8.69.7 eq ntp any" to ensure
that only 195.8.69.7 could ntp in.
--
Perposterous!! Where would all the calculators go?!
  #3  
Old December 15th 03, 08:07 PM posted to comp.dcom.sys.cisco,uk.telecom.broadband
Kirk Goins

There's no CLI if you will for the Linksys... If you have "EVER" done
anything with "ANY" router then the Browser based interface will be no
problems... Point and Click. If Cisco stuff was that easy...

Peter wrote:
Kirk Goins wrote


I have a Linksys WRT54G at firmware 1.30.7 and it supports port
forwarding and filters based on "THE" outside IP of the router. You can
forward inbound ports to separate inside IPs. The filters can be used to
block/allow outbound traffic



Is there a cross-reference somewhere so I can translate a Cisco IOS
access list to the Linksys equivalent ?


Peter.
--
Return address is invalid to help stop junk mail.
E-mail replies to but remove the X and the Y.
Please do NOT copy usenet posts to email - it is NOT necessary.


  #4  
Old December 15th 03, 08:40 PM posted to comp.dcom.sys.cisco,uk.telecom.broadband
Walter Roberson

In article ,
Kirk Goins wrote:
:There's no CLI if you will for the Linksys...

There is, but it isn't trivial to get to.

http://www.seattlewireless.net/index.cgi/LinksysWrt54g
--
"[...] it's all part of one's right to be publicly stupid." -- Dave Smey
  #5  
Old December 15th 03, 10:55 PM posted to comp.dcom.sys.cisco,uk.telecom.broadband
Lars M. Hansen

On Mon, 15 Dec 2003 19:38:01 +0000, Peter spoketh


Kirk Goins wrote

I have a Linksys WRT54G at firmware 1.30.7 and it supports port
forwarding and filters based on "THE" outside IP of the router. You can
forward inbound ports to separate inside IPs. The filters can be used to
block/allow outbound traffic


Is there a cross-reference somewhere so I can translate a Cisco IOS
access list to the Linksys equivalent ?


Peter.



There's no such thing. These Linksys devices are very simplistic.
Basically, nothing is allowed inbound unless specifically allowed
(good), and everything is allowed outbound unless specifically blocked
(bad). It is very limited how many ports you can open for inbound
access, and equally limited how many port (ranges) you can block for
outbound access.


Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
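
Added example, not part of any post in this thread: because the Linksys is described above as allowing everything outbound unless blocked, the outbound allowlist (access-list 100) has to be inverted into port ranges to block. The Python sketch below does that inversion and lists the ACL lines that have no destination-port equivalent; the `slots` limit is a hypothetical parameter, since the thread gives no figure for how many ranges the router accepts.

```python
import re

# Cisco IOS service keywords that appear in ACL 100 -> port numbers.
PORTS = {"www": 80, "domain": 53, "nntp": 119, "pop3": 110, "ftp": 21, "ftp-data": 20}
# Outbound ACL 100 as posted in the thread.
ACL_100 = """\
access-list 100 permit tcp any any eq www
access-list 100 permit udp any any eq domain
access-list 100 permit tcp any any eq domain
access-list 100 permit tcp any any eq nntp
access-list 100 permit tcp any any eq pop3
access-list 100 permit tcp any any eq ftp
access-list 100 permit tcp any any eq ftp-data
access-list 100 permit tcp any eq ftp-data any
access-list 100 permit tcp any any established
"""

# Only "permit <proto> any any eq <service>" is a plain destination-port rule.
DST_RULE = re.compile(r"access-list \d+ permit (tcp|udp) any any eq (\S+)$")

def split_rules(acl):
    """Return (allowed destination ports per protocol, lines with no equivalent)."""
    allowed, untranslatable = {"tcp": set(), "udp": set()}, []
    for line in acl.splitlines():
        m = DST_RULE.match(line.strip())
        if m:
            allowed[m.group(1)].add(PORTS[m.group(2)])
        else:
            untranslatable.append(line.strip())
    return allowed, untranslatable

def block_ranges(allowed_ports, lo=1, hi=65535):
    """Complement of an allowlist: ranges a default-allow filter must block."""
    ranges, start = [], lo
    for port in sorted(allowed_ports):
        if port > start:
            ranges.append((start, port - 1))
        start = port + 1
    if start <= hi:
        ranges.append((start, hi))
    return ranges

def fits(acl, slots):
    """True if each protocol's block list fits in `slots` entries (hypothetical limit)."""
    return all(len(block_ranges(p)) <= slots for p in split_rules(acl)[0].values())

if __name__ == "__main__":
    allowed, skipped = split_rules(ACL_100)
    print({p: block_ranges(s) for p, s in allowed.items()}, skipped, sep="\n")
```

With the ACL as posted, TCP needs six block ranges and UDP two, and the source-port `ftp-data` rule and the `established` rule cannot be expressed as destination-port blocks at all.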
 



