A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

DG834G Firewall setup



 
 
Thread Tools Display Modes
  #1  
Old February 1st 04, 07:24 PM posted to uk.telecom.broadband
Peter Crosland
external usenet poster
 
Posts: 167
Default DG834G Firewall setup

I am about to get ADSL with Plusnet and have purchased a DG834G so that I
have the choice of using my desktop or notebook. This may be overkill but
there we are! How much do the default firewall setting need altering to
provide adequate protection? Are there any specific settings that I should
alter and how?

--



  #2  
Old February 1st 04, 09:21 PM posted to uk.telecom.broadband
Tiny Tim
external usenet poster
 
Posts: 173
Default DG834G Firewall setup

Peter Crosland wrote:
I am about to get ADSL with Plusnet and have purchased a DG834G so
that I have the choice of using my desktop or notebook. This may be
overkill but there we are! How much do the default firewall setting
need altering to provide adequate protection? Are there any specific
settings that I should alter and how?


I have a DG834G. I'm a regular home user and not a network techy so if
anyone feels the need to correct the following then go ahead, but as I
understand it....

Default is to stealth all ports for incoming comms so you will be invisible
to the outside world on your ADSL link. But there is no block on outgoing
comms at all by default so if you catch a trojan or spyware you will be
vulnerable. You can overide any port settings by range or individually in
either direction so you can always fix the hole. Personally I haven't
bothered.

The wireless side is left wide open by default but this is the best way to
get started an make sure everything connects in the first place. I have
manually disabled SSID broadcast, enabled WEP 128 bit encryption and only
allow approved MAC addresses to connect wirelessly. I've also implemented
Open Key rather than Shared Key Authentication as I understand that is more
secure too. That's ample to prevent casual access but a determined hacker
can get past all those given enough time and motivation. I run a mixed B/G
network but I guess if you are only B or G then you could set the router to
ignore the other speed. If everything is at G speeds then I guess you
exclude connection by any B only devices.

FWIW I'm with PlusNet and it was very straightforward to get connected with
the DG834G. If you would like to use my referral please quote "easytiger"

Cheers,
Tim.

--
Email address is munged. Please reply to newsgroup.


  #3  
Old February 1st 04, 10:19 PM posted to uk.telecom.broadband
Peter Crosland
external usenet poster
 
Posts: 167
Default DG834G Firewall setup

Default is to stealth all ports for incoming comms so you will be
invisible
to the outside world on your ADSL link. But there is no block on outgoing
comms at all by default so if you catch a trojan or spyware you will be
vulnerable. You can overide any port settings by range or individually in
either direction so you can always fix the hole. Personally I haven't
bothered.


Thanks for that Tim. I already have outgoing connections sorted.


The wireless side is left wide open by default but this is the best way to
get started an make sure everything connects in the first place. I have
manually disabled SSID broadcast, enabled WEP 128 bit encryption and only
allow approved MAC addresses to connect wirelessly. I've also implemented
Open Key rather than Shared Key Authentication as I understand that is

more
secure too. That's ample to prevent casual access but a determined hacker
can get past all those given enough time and motivation. I run a mixed B/G
network but I guess if you are only B or G then you could set the router

to
ignore the other speed. If everything is at G speeds then I guess you
exclude connection by any B only devices.


I have set this up so that there are no broadcasts and 128 bit encryption to
a single MAC address so I am reasonably happy with that given that I am out
in the sticks.


FWIW I'm with PlusNet and it was very straightforward to get connected

with
the DG834G. If you would like to use my referral please quote "easytiger"


Sorry but I am already signed up!


  #4  
Old February 2nd 04, 06:12 AM posted to uk.telecom.broadband
Adrian Bowen
external usenet poster
 
Posts: 6
Default DG834G Firewall setup

Hi,

I have a DG834 (not G), and I have not managed to get the firewall function
to work at all yet - the default rule is as you say to block all inbound
packets, but this actually has no effect as far as I can see, they are still
being picked up by the PCs on the LAN. Adding other more specific rules to
block various ports hasn't worked either.

I have a static IP subnet, so I'm not using DHCP or NAT. Still waiting for a
response from Netgear on this.

Adrian Bowen

"Tiny Tim" wrote in message
...
Peter Crosland wrote:
I am about to get ADSL with Plusnet and have purchased a DG834G so
that I have the choice of using my desktop or notebook. This may be
overkill but there we are! How much do the default firewall setting
need altering to provide adequate protection? Are there any specific
settings that I should alter and how?


I have a DG834G. I'm a regular home user and not a network techy so if
anyone feels the need to correct the following then go ahead, but as I
understand it....

Default is to stealth all ports for incoming comms so you will be

invisible
to the outside world on your ADSL link. But there is no block on outgoing
comms at all by default so if you catch a trojan or spyware you will be
vulnerable. You can overide any port settings by range or individually in
either direction so you can always fix the hole. Personally I haven't
bothered.

The wireless side is left wide open by default but this is the best way to
get started an make sure everything connects in the first place. I have
manually disabled SSID broadcast, enabled WEP 128 bit encryption and only
allow approved MAC addresses to connect wirelessly. I've also implemented
Open Key rather than Shared Key Authentication as I understand that is

more
secure too. That's ample to prevent casual access but a determined hacker
can get past all those given enough time and motivation. I run a mixed B/G
network but I guess if you are only B or G then you could set the router

to
ignore the other speed. If everything is at G speeds then I guess you
exclude connection by any B only devices.

FWIW I'm with PlusNet and it was very straightforward to get connected

with
the DG834G. If you would like to use my referral please quote "easytiger"

Cheers,
Tim.

--
Email address is munged. Please reply to newsgroup.




  #5  
Old February 2nd 04, 08:39 AM posted to uk.telecom.broadband
Tiny Tim
external usenet poster
 
Posts: 173
Default DG834G Firewall setup

Adrian Bowen wrote:
Hi,

I have a DG834 (not G), and I have not managed to get the firewall
function to work at all yet - the default rule is as you say to block
all inbound packets, but this actually has no effect as far as I can
see, they are still being picked up by the PCs on the LAN. Adding
other more specific rules to block various ports hasn't worked either.

I have a static IP subnet, so I'm not using DHCP or NAT. Still
waiting for a response from Netgear on this.

Adrian Bowen

Repeating the "I'm not a techy" disclaimer, as far as I understand it, if
you disable NAT then you give up all the protection the router/firewall
offers. The router instructions tell you as much. Here is the text of the
"help" from the router's config page regarding NAT....

"NAT allows all LAN PCs to gain Internet access via this Router, by sharing
this Router's WAN IP address. In most situations, NAT is essential for
Internet access via this Router. You should only disable NAT if you are sure
you do not require it. When NAT is disabled, only standard routing is
performed by this Router."

Therefore no NAT = no firewall (I think).

With the DG834G you are able to reserve a specific IP address for each MAC
address of each of your devices. e.g. my laptop is always 192.168.0.3 and my
girlfriend's is always 192.168.0.2, while the Xbox gets anything else
(normally 192.168.0.4) allocated but frankly I couldn't care what it gets.
This helps allow port forwarding to the right machine when using P2P
software, for example. I don't know if this will suit your needs but perhaps
it's something to look into.

I've run a www.grc.com port scan test and with my setup I do not exist on
any of the ports tested by Shields Up. My P2P port is reported as "closed"
(no P2P running) while everything else is "stealthed".

I suppose it's of some interest that my router emailed me (at my choice) to
warn of a possible DOS attack while the port scanning took place.


  #6  
Old February 2nd 04, 02:10 PM posted to uk.telecom.broadband
Adrian Bowen
external usenet poster
 
Posts: 6
Default DG834G Firewall setup

Ahhh - thanks for that, I didn't pick up on that minor caveat in the manual!
Well spotted, you've saved me a lot of fruitless fiddling about.

Hmmm. Ok, well the DG834 might come in useful as a birthday present for
someone I guess.

Adrian


"Tiny Tim" wrote in message
...
Adrian Bowen wrote:
Hi,

I have a DG834 (not G), and I have not managed to get the firewall
function to work at all yet - the default rule is as you say to block
all inbound packets, but this actually has no effect as far as I can
see, they are still being picked up by the PCs on the LAN. Adding
other more specific rules to block various ports hasn't worked either.

I have a static IP subnet, so I'm not using DHCP or NAT. Still
waiting for a response from Netgear on this.

Adrian Bowen

Repeating the "I'm not a techy" disclaimer, as far as I understand it, if
you disable NAT then you give up all the protection the router/firewall
offers. The router instructions tell you as much. Here is the text of the
"help" from the router's config page regarding NAT....

"NAT allows all LAN PCs to gain Internet access via this Router, by

sharing
this Router's WAN IP address. In most situations, NAT is essential for
Internet access via this Router. You should only disable NAT if you are

sure
you do not require it. When NAT is disabled, only standard routing is
performed by this Router."

Therefore no NAT = no firewall (I think).

With the DG834G you are able to reserve a specific IP address for each MAC
address of each of your devices. e.g. my laptop is always 192.168.0.3 and

my
girlfriend's is always 192.168.0.2, while the Xbox gets anything else
(normally 192.168.0.4) allocated but frankly I couldn't care what it gets.
This helps allow port forwarding to the right machine when using P2P
software, for example. I don't know if this will suit your needs but

perhaps
it's something to look into.

I've run a www.grc.com port scan test and with my setup I do not exist on
any of the ports tested by Shields Up. My P2P port is reported as "closed"
(no P2P running) while everything else is "stealthed".

I suppose it's of some interest that my router emailed me (at my choice)

to
warn of a possible DOS attack while the port scanning took place.




 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Netgear DG834G Scooby Doo uk.telecom.broadband (UK broadband) 9 January 6th 04 02:11 AM
New firmware for DG834G -= uk.telecom.broadband (UK broadband) 2 December 21st 03 11:31 AM
Netgear DG834G Steve uk.telecom.broadband (UK broadband) 0 December 9th 03 12:45 PM
Draytek 2600 Firewall setup TX2 uk.telecom.broadband (UK broadband) 5 October 20th 03 11:15 AM
Dlink 504 No Nat Firewall setup John 365247 uk.telecom.broadband (UK broadband) 1 October 19th 03 09:01 PM


All times are GMT +1. The time now is 04:07 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright ©2004-2019 BroadbanterBanter.
The comments are property of their posters.