Port Forwarding question

Assumption, the mother of all screwups.

Think about what you are trying to protect and protect from. If you're worried about getting attacked from the internet, by evil and diabolical agents of the dark side(tm), like me, then piling on of the firewalls and will improve your security. You can even do tricky things with two firewalls, such as creating a DMZ or possibly a "honey pot" to attract the bad guys in between the routers. Whatever level of overkill you find necessary.

However (insert drum roll), no amount of NAT firewall protection will do anything for protecting you against a rogue web site, full of spyware, trojans, and software bombs. Your web browser goes right though the firewalls, downloads the malware, installs, and your security is now totally blown. Say goodby to some key files and anything you type (i.e. credit card numbers).

Similarly (yet another drum roll), since your wireless LAN is on inside of your two firewalls, attacks via the wireless will not go through either router. Once your encryption keys are known, your desktops are exposed.

In my never humble opinion, dumping the first router, replacing the DSL modem, and doing everything in the Linksys WRT54G router, is good enough protection, and offers the benifits of simplicity.

Incidentally (no drum roll this time), my definition of security is based upon logging and monitoring. It's one thing to build up layer and layer of security. It's another to be sure that they're working. Think intrusion detection, traffic monitoring, and logging.

My Network consists of an Actiontec 701G DSL modem/router, which in turn connects by ethernet port to my Linksys Wireless Router. My computer network accesses the Linksys Wireless router for Internet access.

I have a computer program which requires my network allow forwarding on a couple ports. I have no problem setting the required ports in the Linksys, but my QUESTION is what do I do in the DSL modem? It has a similar port setup as the Linksys.... do I set up the ports to forward to my computer DHCP assigned IP, or to the Linksys IP?

Also, how can I setup the ports to forward to ANY computer on my network rather than one specific IP?

Thanks in advance for any help.

Ed

Ed wrote in news:Xns9664777F9E10spectrumhogstarbandn@207.106.93.175:

Well in away your correct. But if thee 701G is a modem/router, then it's

701g that the Linksys router is using as the gateway and the machine using the Linksys is using the 701G as the gateway to access the Internet.

Well, I'll assume that the 701G has a DHCP sever and is giving a DHCP IP the Linksys router. Maybe you should configure the Linksys router to be a wire/wireless AP switch and set the Linksys (now a switch) Device IP to use a static IP(s) on the 701G router, along with the subnet mask being the same on the two devices. A static IP is any IP on the 701 that is not controlled by its DHCP IP server on the 701G. Most routers have a built in switch.

You can do like what's being done in the links to connect two Linksys routers together. The principles are the same in connecting routers no matter what brand name wire or wireless.

When using port forwading, the computer's NIC should be confifgured to use to the gatway router's static IP and NOT a DHCP IP.

When it's taking about the Server NIC in the link is as close as I could get as an example of how to set the NIC on the computer to use on of the router's static IP(s).

IP = a static IP on the gateway router subnet = the subnet that should match between the two routers gateway = the IP of the gateway router.

You can determine that part as to what is the gateway IP will be if you connect the machine and let it *obtain an IP* for the DHCP IP server and then do the manual config.

Preferred and Alt DSN IP(s) should point to the IP(s) the gateway router is pointing to and should be displayed on a router Admin screen.

The port forwarding should be done at the gateway router the one that's connected to the modem or has the modem in your case and point to the IP/machine that needs the ports forwarded.

You should look up port forwarding and port triggering and find out what they mean. You can use Google or Dogpile.com

HTH

Duane :)

Jeff, ( and Duane )

Both of you guys have been extremely helpful in your replys. Thanks! Though both of you indicate I'd be better off changing my Linksys (WRT54G by-the way) to merely an access point, I would like to keep things as they are, if possible. One reason is because I believe the Firewall in the Linksys is superior... I have the latest HyperWRT on my Linksys, BTW. Let me know if my assumption if incorrect on this.

I believe Jeff's comments indicated my error in my port forwarding setup. I didn't have the DSL modem port forwarding to the Linksys WAN IP. I will correct this later today and see if things work for my program.

This is just a quick reply on my problem for now. When I make my change later, I'll provide feedback. Thanks guys.

Ed

=======================================================================

Jeff Liebermann wrote in news: snipped-for-privacy@4ax.com:

Ed wrote in news:Xns9664917FBD7BBspectrumhogstarbandn@207.106.93.175:

Well, a NAT router and both are NAT routers for home usage do not have a FW as far as I am concerned. Maybe, the 54g has SPI and the 701G doesn't. They have FW like features but are not running true FW software in the traditional sense that meets the specs in the link for *What does a FW do?*.

An appliance running true FW software will meet the specs in the link above and some high end NAT routers come very close to a FW appliance.

Both of them meet the specs for a NAT (no FW) router.

The NAT router is good enough for home protection until you start doing high risk things like *port forwarding*.

Some users of a NAT router will supplement the NAT router with a PFW solution or some other packet filtering software at the machine level that can stop outbound by port, protocol and IP, since most NAT routers cannot do it.

Maybe running them in series will help, but I learned not to trust a NAT router, especially one for home usage and in particular a wireless one. ;-)

Duane :)

No, Jeff, I am not using both routers because I think two in series is better. I'm using the Linksys because I believe it has the best protection features, (SPI for one - the Actiontec doesnt' I think). In fact, I have the Firewall turned off in the Actiontec DSL modem, just to avoid more confusion. I just like the flexibility of the Linksys router and wireless access over the Actiontec. Since the Linksys doesn't do DSL, I have to use the Actiontec. I will consider the suggestion you or Duane made about just buying a basic DSL modem, but I hate to spend the money when the Actiontec works well in that regard... plus it is the unit provided by Qwest and makes Tech Support easier in that regard.

Still haven't implemented your previous suggestions as I have spend the greater part of my afternoon putting in a #&^%$! dog door. More later.

Thanks

Ed

computer

forwarding on

forward to

I had a similar situation with a Westel modem/router and a netgear router. The easy solution for me was to run the Westel in bridge mode. A factory reset is what put the westel in bridge mode (which actually just wipes out the ip configuration). Not sure about the actiontec but it may be able to run in bridge mode too.

That's what I came up with, too.

BTW, the Linksys is a WRT54G running HyperWRT 2.1b1

To do this:

Believe I already have this. The Actiontec default is 192.168.0.1 and the Linksys default is 192.168.1.1

Question on this: Who do you "disable" the DHCP other than changing it to Static IP? Or is static IP what I want on it then?

So, given what I already have setup up, the only real change I need do is move the Actiontec cable going to my Linksys WAN port over to a Linksys LAN port, and disable DHCP in the Linksys?

I like that idea and will start looking for a cheap DSL modem. Meantime I will try the above changes. Thanks.

Ed

it to Static IP? Or is static IP what I want on it then?

Should have been HOW, not "Who"

Ed

Ed wrote in news:Xns9665B786DBFE5spectrumhogstarbandn@207.106.93.175:

That should work

I think you're confused here.

There is an Admin screen on the Linksys router that clearly indicates Enable or Disable DHCP. That's the DHCP server on the router.

In the area on the Admin Screen for DHCP on the Linksys router, you'll see the start DHCP IP of 192.168.1.100. That's the start of the DHCP IP (s) of the router. And it has a DHCP IP *Count* of I think 50. So the DHCP IP(s) that will be issued to any computer automatically by the router for any computer that wants a DHCP IP will be from 192,168.1.100 to 192,168.1.151. Any IP(s) that are not in that range are Static IP(s) on the router that are NOT issued by the DHCP server on the router.

It's the same or similar kind of setup on the Actiontec concerning the DHCP server on that router.

Any router becomes a switch if you Disable DHCP. If you do that, then you'll want to switch the Linksys router from Gateway to Router mode if there is an Admin screen for the settings, because the router is no longer a gateway device as it's just a wire/wireless AP *switch*.

Any machine connected to the Linksys *switch* will get an DHCP IP or if the machine is using a static IP it will be from or pointed to the Actiontec router as it is the gateway router.

Yes, you would change from the DHCP settings on the Linksys router that would normally be in DHCP mode to get an DHCP IP from the ISP if the router was a router being directly connected to the modem. But you're not doing that as you're connecting to another router and you should switch to static mode and point to a static IP on the Actiontec gateway router from the Linksys (now a switch).

Once again, the two links show you exactly how to do it and it doesn't make any difference if it's two wireless/wireless, wire/wireless, wireless/wire, wire/wire or what brand names of the routers being connected. The principles are the same and you make the adjustments and apply accordingly based on the Actiontec being the gateway router.

Duane :)

The link is for if you have confusion as to what DHCP means.

Duane :)

(convert wireless router into a wireless access point)

Careful here. I wan't very clear. If you have 2 routers in series, the way you apparently have, you cannot put both of them in the same /24 IP block. The reason is that the 2nd router (Linksys WRT54G) cannot route to and from the same IP block on both the WAN and LAN ports. They have to be different. So, if you maintain the two router configuration, the existing 192.168.0.1 and 192.168.1.1 is fine.

However, if you disarm the router section of the WRT54G per my instructions, you must put it's IP address on the same /24 IP block as the Actionec. I suggest 192.168.0.2 for the WRT54G. Again, this is ONLY for when you convert it to an access point, so you can talk to both boxes.

Note that I said "DHCP server", not "DHCP client". The WAN port of your WRT54G has a DHCP client running on it that currently picks up an IP address from the Actiontec router. Since the WAN port will NOT be used when the WRT54G is converted to an access point, you can leave the WAN port configuration in any mode or configuration. It doesn't matter.

What needs to be disabled is the DHCP server that's on the LAN side. It should be on the LAN configuration page somewhere. The idea is to only have one DHCP server on your LAN.

Yep. Don't forget to move the IP address of the WRT54G or you won't be able to control it.

I just looked on eBay. Lots of DSL modems for cheap.

Disable the DHCP /SERVER/, ie find hte option to turn off the dhcp /server/ in the linksys.

Thanks, Duane. no, I know what it means; I was just having difficulty finding the place in the menu for turning the DHCP server off.... I musta been brain dead... I found the menu within both the Actiontec and the Linksys for that, but I have not acted yet.

Was doing a little research and found that I probably CAN put the Actiontec GT701 DSL modem into bridging mode. Whether it will work with my Qwest DSL provider in this mode is yet to be seen, but at this point I will try this first when I get a chance. Otherwise, I will probably grab one of those cheap DSL modems off EBay.

Problem with me making changes to my system is that I have been very busy, and those times I've had to do this, other family members have been on the system precluding my taking it down for even a bit..... sigh.

I sure thank you two guys for the assistance. I'm not real green on networking, but I have huge holes in my knowledge in this area.

Ed

Ed wrote in news:Xns96668C4B615C1spectrumhogstarbandn@207.106.92.175:

You'll get it sorted I am sure.

Good luck to you

Duane :)

Well, rather than screw around with my functioning Actiontec, I decided to take you up on the above suggestion and purchased a DSL modem on EBay. I received the Visionet 200ER unit today. Unfortuntely, the seller sent the wrong power supply so I had to come up with a suitable one; Linksys units substituted just fine.

The big problem is that the Seller said the unit was removed from a Qwest DSL account. I have a Qwest account so I figured the unit wouldn't be difficult to configure for my use. However, the unit actually was used on an Earthlink account. Apparently the software in the modem is stuffed with Earthlink stuff, rather than the factory default Quick Start setup info I need to access. (I downloaded this default access info from the manufacturer of this modem, D Q Technology. I did a hard reset, but the Earthlink stuff remains... I can't get past the Earthlink signin page to access any setup info.

Any ideas how to remove the Earthlink stuff and get back to factory Quick Setup pages, or do I have a piece of junk? I do have an email pending with D Q Technology Tech Support, but don't know if they will help yet, or not.

Ed

Holdit. You're suppose to be buying a DSL modem, not a DSL router. The VisionNet 200ER is a DSL *ROUTER*. This is functionally equivalent to your existing Actiontec 701G. This isn't going to work unless you find some way to disarm the router section of the VisionNet

200ER.

I've only seen one of these. As I recall, it was hard coded for Earthlink setups. Without a flash firmware replacement, you're stuck. DQ says to send them email asking for help.

In theory, most DSL modems are pre-programmed for an assortment of VPI/VCI ATM circuit numbers commonly in use. There is no configuration or setup.

just plug in the modem and it just works. All the configuration and setup would be done in your Linksys WRT54G router. The only setting that might be a problem is whether Quest is using PPPoE or PPPoA on your DSL line. Dig the numbers and settings out of your Actiontec to be sure.

Nope. No clue. I don't think you need this challenge. I suggest you debate the merits of the eBay sellers misrepresentations and ask for your money back. Then I suggest you purchase a suitable DSL modem, not a DSL router. I'm not 100.000% sure of the Quest setup (we're in SBC DSL territory on the left coast). My favorites are: Efficient/Speedstream 5260 because of the nifty diagnostics. Efficient 5360 (no diagnostics, but works well) Speedstream 5100 and 5100B Alcatel Speed Touch Home Westell B90-36R515 Westell 2200 Westell A90-210030 Ebay shows 624 items under "DSL modem" so you should have no problem finding the correct model. Be sure it's a DMT (Discrete Multi-Tone) type of modem used for ADSL circuits, and *NOT* a CAP (Carrierless Amplitude Phase) type of modem used for SDSL circuits. The models look very similar and are easy to confuse.

Another alternative would be to dive into your Actiontec 701G and set it to bridge mode, which effectively disarms the router section. See:

Well, after reading poster's reply, the old saying goes if it's not broke, don't fix it.

Duane :)

You are so right. I didn't figure out it was a Router too, until after I had one the bid. It was listed as a DSL Modem.... guess I shoulda done more homework on the product before bidding!

I do have an email pending with DQ on this.... will see if they can help me clear out the Earthlink stuff, or if I just have a $10.00 piece of junk.

That's exactly what I'll do. The seller has ALREADY refunded my moeny, once I explained things to him, so that was nice. I'll look at your suggestions for DSL modems and maybe start over. Thanks for the recommendations and additional info to look for.

(Note for Duane: One reason why I don't want to mess with my existing Actiontec is that if I screw it up, I'm off line until the problem is fixed... and family wouldn't like that! )

Thanks, guys.

I'll probably report back again on this.

Ed