D-Link DSL-504 firewall

One of the reasons I bought this adsl router was the inbuilt
firewall.
As a novice ( just got BB and have to feed 2 computers ) I
assumed the firewall would be working out of the box.
Could anyone tell me if this is the case as the only reference
in the config. is 'Advanced Filtering and Firewall' which by
default is set to 'IP Filter State - disabled'. Is it ok to enable
it?

The pdf manual is not very user friendly.

Any advice from users of this router would be much appreciated.

Chris

"Kris" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> One of the reasons I bought this adsl router was the inbuilt
> firewall.
> As a novice ( just got BB and have to feed 2 computers ) I
> assumed the firewall would be working out of the box.
> Could anyone tell me if this is the case as the only reference
> in the config. is 'Advanced Filtering and Firewall' which by
> default is set to 'IP Filter State - disabled'. Is it ok to enable
> it?
>
> The pdf manual is not very user friendly.

You're not wrong there!

By default, it will already block all incoming probes.

It's only when you create port-forwarding rules (router to pc) that probes
from the internet will start getting through on those ports.

Have a look at this page: http://shadow.sentry.org/~trev/dsl50x.html
It's about the best resource there is on the 504. You should even find a
file on setting up the filters/rules. Be aware, there are/have been several
models of the 504 series. Mine is the original DSL-504 (rev.B) - as shown on
the graphic on the page.

I would only use the firewall/filter rules on the 504 if there was a
specific outbound port (or IP/PC/etc) that I wanted to block. And, as I
don't, I don't have this feature enabled. (The rules work in either
directions, so you can block inbound requests from specific IPs, or to
specific ports).

A word of warning, though. It's very easy to implement the rules so that
nothing works!!

I still run personal firewalls on my PCs behind the 504, not only to protect
should anything get through, but, to warn me should any authorised software
being trying to get out.

If you haven't already done so, then you may like to look into 'stealthing'
your 504. This basically means that you allocate an unused IP to the DMZ in
the 504.

HTH.

Baz

"Kris" <(E-Mail Removed)> wrote in news:2i45m3FioemkU1
@uni-berlin.de:

> assumed the firewall would be working out of the box.
> Could anyone tell me if this is the case as the only reference
> in the config. is 'Advanced Filtering and Firewall' which by
> default is set to 'IP Filter State - disabled'. Is it ok to enable
> it?

The DSL-504 is a NAT router. By default, it will drop all incoming
traffic for which there is no matching outgoing connection.

For most users, this will be sufficient and there is no need to
configure any firewall filter rules.

The DSL-504 (and its wireless relative, the DSL-604+) also provide
static IP filtering, which is what the 'Advanced Filtering and
Firewall' screen is about.

You can set up rules to pass or block traffic based on
source/destination IP address, port or protocol.

By default there are no rules configured, so enabling it will have no
effect until you have entered your own rules. Clearly these will be
specific to your requirements.

It's straightforward to set up filter rules once you understand how
they work - but the manual explains nothing However, find official
D-Link examples here:
<http://www.dlink.com.au/tech/drivers/files/routers/DSL-
50x_Filter_Example_fw221.zip>

As I say, most users won't need them. If you do need to allow
incoming traffic (for example, for gaming or for running a server
behind the router) I recommend you use the Port Redirection screen to
forward specific ports.

There is a treasure trove of info on the DSL-604+ at Trev Roydhouse's
site here:
<http://shadow.sentry.org/~trev/dsl50x.html>

Hope this helps

--

Richard Perkin
To email me, change the AT in the address below
richard.perkinATmyrealbox.com

It's is not, it isn't ain't, and it's it's, not its, if you mean it
is. If you don't, it's its. Then too, it's hers. It isn't her's.
It isn't our's either. It's ours, and likewise yours and theirs.
-- Oxford University Press, Edpress News

> Hope this helps

certainly does, thanks for both replys.

Chris