Netgear DG834 firewall setup.

 
 
Bill Godfrey
      05-30-2004, 02:14 PM
(Hi all. I had posted this to alt.internet.providers.uk, but was advised
this would be a better group to post. I tried googling but I can't find any
mention of this problem.)

I've got a Netgear DG834 (firmware 1.01.01) ADSL/NAT IP/Ethernet box
attached to an ADSL account.

I wanted to open up incoming connections to a friend's computer as we were
running some server software. I opened up the "Firewall rules" and added a
rule to the inbound page.

Service: ALL (TCP and UDP)
Action: Allow always
Send to LAN server: 192.168.0.3 (The one with all the server software)
WAN users: Single address
Start: (My friend's IP)
Finish: blank
Log: Always

After a few minutes I checked the log to diagnose why the client wasn't
contacting me. (A fault at the client end, beside the point to this
discussion.)

I was worried to notice a mention of some unknown address (from AOL) had
contacted me on the RPC (tcp/135) port, presumably a worm of some kind.

I quickly went to check a port scan service and observed that the firewall
was letting just anyone in.

Anyone else seeing this? Is there a fix? Any comments please?

Bill, out out out get out!
 
capate
      05-30-2004, 04:15 PM
Bill Godfrey wrote:
> (Hi all. I had posted this to alt.internet.providers.uk, but was
> advised this would be a better group to post. I tried googling but I
> can't find any mention of this problem.)
>
> I've got a Netgear DG834 (firmware 1.01.01) ADSL/NAT IP/Ethernet box
> attached to an ADSL account.
>
> I wanted to open up incoming connections to a friend's computer as we
> were running some server software. I opened up the "Firewall rules"
> and added a rule to the inbound page.
>
> Service: ALL (TCP and UDP)
> Action: Allow always
> Send to LAN server: 192.168.0.3 (The one with all the server software)
> WAN users: Single address
> Start: (My friend's IP)
> Finish: blank
> Log: Always
>
> After a few minutes I checked the log to diagnose why the client
> wasn't contacting me. (A fault at the client end, beside the point to
> this discussion.)
>
> I was worried to notice a mention of some unknown address (from AOL)
> had contacted me on the RPC (tcp/135) port, presumably a worm of some
> kind.
>
> I quickly went to check a port scan service and observed that the
> firewall was letting just anyone in.
>
> Anyone else seeing this? Is there a fix? Any comments please?
>
> Bill, out out out get out!


Try updating firmware


 
Rob Morley
      05-30-2004, 04:39 PM
In article <20040530101409.347$(E-Mail Removed)>, "Bill Godfrey" bill-
(E-Mail Removed)lid says...
> (Hi all. I had posted this to alt.internet.providers.uk, but was advised
> this would be a better group to post. I tried googling but I can't find any
> mention of this problem.)
>
> I've got a Netgear DG834 (firmware 1.01.01) ADSL/NAT IP/Ethernet box
> attached to an ADSL account.
>
> I wanted to open up incoming connections to a friend's computer as we were
> running some server software. I opened up the "Firewall rules" and added a
> rule to the inbound page.
>
> Service: ALL (TCP and UDP)
> Action: Allow always
> Send to LAN server: 192.168.0.3 (The one with all the server software)
> WAN users: Single address
> Start: (My friend's IP)
> Finish: blank
> Log: Always
>
> After a few minutes I checked the log to diagnose why the client wasn't
> contacting me. (A fault at the client end, beside the point to this
> discussion.)
>
> I was worried to notice a mention of some unknown address (from AOL) had
> contacted me on the RPC (tcp/135) port, presumably a worm of some kind.
>
> I quickly went to check a port scan service and observed that the firewall
> was letting just anyone in.
>

Does it help if you reset the router? Why are you not just forwarding
the appropriate ports rather than opening everything?
 
Bill Godfrey
      05-30-2004, 07:20 PM
Rob Morley <(E-Mail Removed)> wrote:
> Does it help if you reset the router?


I doubt it, we had a short power cut about a week ago so the uptime would
be pretty short.

> Why are you not just forwarding
> the appropriate ports rather than opening everything?


Because I trust my friend with the few open ports I have. Open access to
all ports from his IP only seemed simpler than looking up which ports I had
to open.

Besides, in addition to the server software under development, I wanted to
grant access to win98 file share. That would be a bad thing to open to all.

Anyway, I'll have a look into a firmware update.

While I think of it, I use "Shields up" to test my firewall. Are there any
alternatives for a port-scan-a-matic? I'd like to be able to point at one
specific port to test. Using the "all ports scan", the firewall goes into
"Stealth" mode after 6 ports. Usually that's exactly what I want, but not
when *I'm* doing the port scan.

Bill, wondering what happens if the firmware upgrade is interrupted.
 
Rob Morley
      05-31-2004, 12:18 AM
In article <20040530152041.676$(E-Mail Removed)>, "Bill Godfrey" bill-
(E-Mail Removed)lid says...
> Rob Morley <(E-Mail Removed)> wrote:
> > Does it help if you reset the router?

>
> I doubt it, we had a short power cut about a week ago so the uptime would
> be pretty short.
>
> > Why are you not just forwarding
> > the appropriate ports rather than opening everything?

>
> Because I trust my friend with the few open ports I have. Open access to
> all ports from his IP only seemed simpler than looking up which ports I had
> to open.
>
> Besides, in addition to the server software under development, I wanted to
> grant access to win98 file share. That would be a bad thing to open to all.


Indeed it would. But you might find that opening specific ports doesn't
suffer from the same bug as opening the whole lot.
>
> Anyway, I'll have a look into a firmware update.
>
> While I think of it, I use "Shields up" to test my firewall. Are there any
> alternatives for a port-scan-a-matic? I'd like to be able to point at one
> specific port to test. Using the "all ports scan", the firewall goes into
> "Stealth" mode after 6 ports. Usually that's exactly what I want, but not
> when *I'm* doing the port scan.


Shields Up has a custom option where you can specify ports to scan.
>
> Bill, wondering what happens if the firmware upgrade is interrupted.
>

Hope it doesn't happen.
 
capate
      05-31-2004, 12:03 PM
Bill Godfrey wrote:

/snip

> Bill, wondering what happens if the firmware upgrade is interrupted.


Reset the router and try again


 
capate
      05-31-2004, 12:06 PM
capate wrote:
> Bill Godfrey wrote:
>> (Hi all. I had posted this to alt.internet.providers.uk, but was
>> advised this would be a better group to post. I tried googling but I
>> can't find any mention of this problem.)
>>
>> I've got a Netgear DG834 (firmware 1.01.01) ADSL/NAT IP/Ethernet box
>> attached to an ADSL account.
>>
>> I wanted to open up incoming connections to a friend's computer as we
>> were running some server software. I opened up the "Firewall rules"
>> and added a rule to the inbound page.
>>
>> Service: ALL (TCP and UDP)
>> Action: Allow always
>> Send to LAN server: 192.168.0.3 (The one with all the server software)
>> WAN users: Single address
>> Start: (My friend's IP)
>> Finish: blank
>> Log: Always
>>
>> After a few minutes I checked the log to diagnose why the client
>> wasn't contacting me. (A fault at the client end, beside the point to
>> this discussion.)
>>
>> I was worried to notice a mention of some unknown address (from AOL)
>> had contacted me on the RPC (tcp/135) port, presumably a worm of some
>> kind.
>>
>> I quickly went to check a port scan service and observed that the
>> firewall was letting just anyone in.
>>
>> Anyone else seeing this? Is there a fix? Any comments please?
>>
>> Bill, out out out get out!

>
> Try updating firmware


see http://kbserver.netgear.com/support_...asp?dnldID=675



 
Tony P
      06-01-2004, 11:58 AM

"capate" <(E-Mail Removed)> wrote in message
news:_9Fuc.191$(E-Mail Removed)...
> Bill Godfrey wrote:
>
> /snip
>
> > Bill, wondering what happens if the firmware upgrade is interrupted.

>
> Reset the router and try again
>


So as this thread suggests, there is a problem with the firmware that Bill
is using.. right?? Is this correct, or is everyone just guessing a cure
will be found by upgrading the firmware? I use the firmware that came with
the router, and it works fine for what I do with it. I am not trying to do
what Bill is trying to do, although, if there are definite improvements by
upgrading the firmware, I will do it. Looking back a few posts, I notice
that some people who upgraded their firmware from 1.01.01 were having
crashing problems.

A final question... Can I save the old firmware before I upgrade.... And can
I go back to older firmware after I upgrade (in case I find newer is not
better) : )

My firmware version is 1.03.00.

Bill, If I can assist in any way to prove the older firmware is a problem,
please ask.

Oh.. finally. Is anyone able to comment on whether I should upgrade my
1.03.00 to a newer version? Is there anything major that needs sorting out
in my version?

Regards
Tony




 
Bill Godfrey
      06-02-2004, 10:19 PM
"Tony P" <(E-Mail Removed)> wrote:
> Bill, If I can assist in any way to prove the older firmware is a
> problem, please ask.


I'd appreciate it.

Try...

New inbound service firewall rule...

Service - All TCP&UDP
Action - Allow always
Send to LAN server - 192.168.0.254 (Pick a safe destination)
WAN users - Single address
Start - (Pick a valid public IP address at random)
End - Blank
Log - Always

Then wait for a worm to probe your own public IP. Check the logs and see if
the probe has been swallowed or passed along.

A better test would be to do the above but give the internal IP address of
a real computer on your home network. Then see if anyone can see your
server ports. (Perhaps use Shields Up to see if it can access your ident
server.)

The problem with that test is that if the test fails, you've exposed a
computer on your internal network. Not the sort of thing I'd recommend.

Bill, many thanks.
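
An added example, not part of the original post: one way to automate the log check described above, flagging entries the firewall allowed inbound even though their source lies outside the rule's WAN-users range (a blank Finish meaning a single address). The log format, the function names and every address here are constructed for illustration; this is not the DG834's real log syntax.

```python
import ipaddress
import re

# Constructed, simplified log format (NOT the DG834's real log syntax):
#   <date> <time> <ALLOW|DROP> <TCP|UDP> <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|DROP) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def rule_range(start, finish=""):
    """WAN-users range of the rule; a blank Finish means Start only."""
    lo = ipaddress.ip_address(start)
    hi = ipaddress.ip_address(finish) if finish.strip() else lo
    if hi < lo:
        raise ValueError("Finish is below Start")
    return lo, hi

def leaked_entries(log_lines, start, finish="", lan_server=None):
    """Return ALLOW entries whose source is outside the rule's WAN range."""
    lo, hi = rule_range(start, finish)
    leaks = []
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "ALLOW":
            continue  # dropped probes are the firewall working as intended
        if lan_server and m["dst"] != lan_server:
            continue  # only look at traffic sent to the rule's LAN server
        src = ipaddress.ip_address(m["src"])
        if not (lo <= src <= hi):
            leaks.append((m["ts"], m["proto"], m["src"], int(m["dport"])))
    return leaks

# Constructed sample log; addresses come from documentation ranges.
SAMPLE_LOG = [
    "2004-06-02 22:31:07 ALLOW TCP 203.0.113.10:40112 -> 192.168.0.254:113",
    "2004-06-02 22:34:52 ALLOW TCP 198.51.100.77:3391 -> 192.168.0.254:135",
    "2004-06-02 22:35:10 DROP UDP 198.51.100.80:1027 -> 192.168.0.254:137",
    "not a firewall entry",
]

if __name__ == "__main__":
    # Rule under test: single WAN address 203.0.113.10, Finish left blank.
    for ts, proto, src, dport in leaked_entries(
            SAMPLE_LOG, "203.0.113.10", "", "192.168.0.254"):
        print(f"{ts}: {proto}/{dport} allowed from {src}, outside the rule")
```

An empty result means every allowed connection came from the address named in the rule; any row returned is a probe that was passed along rather than swallowed.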
 