Block services (everything?) on WRT54G?

03-09-2006, 05:36 PM

I'm trying to set up a WRT54G for open public access, but only allow
certain services (maybe just WWWeb Browsing, for instance), but seem
to have run into a problem.

I've got a Linksys WRT54G V4 running 4.20.7 firmware, and I seem to be
having a number of problems. Igo into <Access Restrictions> and
<Blocked Services>:

First, there are only two available selections of services, shouldn't
I have a list of things I can block?

Secondly, just to try it out, I'm trying to block Ping, but it comes
up as ports zero thru zero, which is wrong (isn't it?)

Then, I fix the ping port to port 7 and enable it and I can still ping
machines on the WAN side of the router.

Yeah, I could probably retry DD-WRT, but last time I followed the
instuctions to the letter they didn't work, and that's really a
rathole.

Also, if I only wanted to allow WWWebBrowsing, what do I need to allow
for ports besides 80 (HTTP) and 53 (DNS). I'm not sure if I care if
people can do HTTPS or anything else...

Has anyone made this work? I've got a couple of WRT54G V5s in stock,
but they are unopened, so I'd rather keep them pristine...

Thanks!

03-11-2006, 01:02 AM

On Thu, 09 Mar 2006, in the Usenet newsgroup alt.internet.wireless, in article
<(E-Mail Removed)>, William P.N. Smith wrote:

>Secondly, just to try it out, I'm trying to block Ping, but it comes
>up as ports zero thru zero, which is wrong (isn't it?)

Yes - ping doesn't use ports. It's ICMP. See RFC0792

>Then, I fix the ping port to port 7 and enable it and I can still ping
>machines on the WAN side of the router.

See http://www.iana.org/assignments/port-numbers

Then have a look at RFC0862 was is the _experimental_ protocol that used
port 7.

>Also, if I only wanted to allow WWWebBrowsing, what do I need to allow
>for ports besides 80 (HTTP) and 53 (DNS). I'm not sure if I care if
>people can do HTTPS or anything else...

OUTBOUND to 53/udp, 53/tcp, 80/tcp on the remote servers, FROM anything
above 1025.

INBOUND from 53/udp, 53/tcp, 80/tcp on the remote servers TO anything
above 1025.

You also need ICMP Type 3 as a minimum.

>I've got a couple of WRT54G V5s in stock, but they are unopened, so I'd
>rather keep them pristine...

You _really_ need to do some basic reading. Start with RFC1180

http://www.ietf.org/rfc/rfc0000.txt
http://www.faqs.org/rfcs/rfc0000.html
http://www.rfc-editor.org/rfc/rfc0000.txt
http://www.ccd.bnl.gov/network/general/rfc0000.html
http://www.cis.ohio-state.edu/htbin/rfc/rfc0000.html

Replace the zeros with the _four_ digit document number (ex 0862)

Old guy

03-14-2006, 12:37 AM

(E-Mail Removed) (Moe Trin) wrote:
>William P.N. Smith wrote:

>>Also, if I only wanted to allow WWWebBrowsing, what do I need to allow
>>for ports besides 80 (HTTP) and 53 (DNS). I'm not sure if I care if
>>people can do HTTPS or anything else...
>
>OUTBOUND to 53/udp, 53/tcp, 80/tcp on the remote servers, FROM anything
>above 1025.
>
>INBOUND from 53/udp, 53/tcp, 80/tcp on the remote servers TO anything
>above 1025.

Thanks, Moe, I'll give it another try!

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Re: How do I Block MSN...	Bernard Peek	Home Networking	2	05-29-2010 07:26 PM
WRT54G to WRT54G to WAP54G Failure	Rick Ankrum	Wireless Internet	2	11-30-2004 11:57 PM
Block MSN and AIM?	Box	Broadband Hardware	6	11-17-2004 02:46 PM
WRT54G -- WRT54G Bridge / Client Mode	Steve	Wireless Internet	5	10-01-2004 06:45 PM