Can Linksys broadband/wifi routers run inbound/outbound access lists?

Discussion in 'Broadband' started by Peter, Dec 5, 2003.

  1. Peter

    Peter Guest

    My GF is getting one of these soon. I've had lots of problems with
    getting probed from what looks like infected external machines, but
    I've got a Cisco 803 on which you can set this up...

    I think a decent router is the only way forward these days...


    Peter.
     
    Peter, Dec 5, 2003
    #1

  2. :My GF is getting one of these soon. I've had lots of problems with
    :getting probed from what looks like infected external machines, but
    :I've got a Cisco 803 on which you can set this up...

    Linksys has a lot of different models. I don't know if any of them
    has what you would recognize as access lists. I see a review for
    the WAPG54G that indicates you can configure what outbound users
    can connect to. I see indications that with the WAP54G you can
    filter based upon MAC address (up to 20).


    Hmmm, a number of the Amazon reviews for the WAP54G are pretty harsh.
    I know though, that a number of people think that BEFSR41 is pretty
    good, and the V equivalent is said to be quite good as long as
    you stick to release 3 instead of release 4. So it appears that
    experiences differ a lot based upon model and version.
     
    Walter Roberson, Dec 5, 2003
    #2

  3. :My GF is getting one of these soon. I've had lots of problems with

    Well, all of the Linksys models stop all unsolicited inbound traffic on the
    "WAN" port unless explicitly permitted (since it is really a Network Address
    Translation (NAT) box, not a 'router'), so that should stop the probing at
    the door. Using access-lists is moot, since the default is to deny
    everyone. Compare this to IOS routing, where packets are allowed in unless
    explicitly denied. Note that IOS NAT also denies all inbound packets unless
    it matches an outbound stream or is explicitly permitted.

    You can restrict wireless access by MAC address and WEP keys.
     
    Phillip Remaker, Dec 5, 2003
    #3
  4. Peter

    doobr1e Guest

    :Hmmm, a number of the Amazon reviews for the WAP54G are pretty harsh.

    I replaced my dlink di-604 with a linksys wireless wrt54g - using it
    with telewest blueyonder and so far it's been great. Thought I had a drop
    out problem on one of the network ports but it seems it was the network
    cable.

    Covers the area I need (it's upstairs front of house and signal fine
    downstairs back of house) and works flawlessly so far after a few weeks'
    use.
     
    doobr1e, Dec 5, 2003
    #4
  5. Peter

    Peter Guest

    I don't understand the last 2 lines above, unless you assume that the
    access lists start with a simple 'permit any any' line; then you have
    to start restricting things...

    The reason I posted the Linksys question is because over the last week
    or two I have spent many hours, very well assisted by another man from
    around here, setting up the following 803 access list

    outbound:
    just so that the router works for the normal internet stuff (http,
    pop3 email, ftp) while numerous Blaster (and possibly other) inbound
    traffic does not keep the line up for long enough to stretch my normal
    20hr/mo online time to beyond 250hrs/mo and get me kicked off the
    flat-rate ISP !!

    I am getting a Blaster attack every minute at least, from different
    people.

    Until a few months ago, I was able to use
    (straight out of the Cisco 800 handbook) and that worked for the
    previous 3 years without a single problem.

    Times are changing...

    Is the above sort of thing possible on the Linksys 54G wifi broadband
    router, or would people rely on the fact that with broadband nobody
    cares (or notices) what gets retransmitted following the receipt of
    a Blaster packet?


    Peter.
     
    Peter, Dec 6, 2003
    #5
  6. :Well, all of the Linksys models stop all unsolicited inbound traffic on the
    :"WAN" port unless explicitly permitted (since it is really a Network Address
    :Translation (NAT) box, not a 'router'), so that should stop the probing at
    :the door.

    And how do they do that for UDP? How can they tell whether the traffic
    is "unsolicited"?

    Linksys has an extensive model line, and not all of the models use
    any kind of stateful inspection.
     
    Walter Roberson, Dec 6, 2003
    #6
  7. Peter

    Rik Bain Guest

    It builds a translation for the outbound UDP stream, and subsequent
    packets are permitted in.

    If I were to send a UDP datagram to one of these devices, and it does not
    have a translation for that particular port to an internal host, the
    packet will be dropped.
     
    Rik Bain, Dec 6, 2003
    #7
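
An added illustration of the translation-table behaviour described in posts #3, #6 and #7 (not code from any poster or from Linksys firmware): a toy UDP NAT table that forwards an inbound datagram only when an earlier outbound flow created a mapping for that port. The class name, timeout, port pool and addresses are assumptions; `match_remote` toggles whether the sender must also match the original destination, a point on which real devices differ.

```python
import itertools

class UdpNat:
    """Toy NAPT table: inbound UDP passes only if an outbound flow made a mapping."""

    def __init__(self, wan_ip, idle_timeout=60, match_remote=True):
        self.wan_ip = wan_ip
        self.idle_timeout = idle_timeout      # seconds (assumed value)
        self.match_remote = match_remote      # also require a matching remote endpoint
        self._ports = itertools.count(40000)  # assumed external port pool
        self.by_inside = {}                   # (lan_ip, lan_port) -> wan_port
        self.by_wan = {}                      # wan_port -> mapping entry

    def _expire(self, now):
        stale = [p for p, e in self.by_wan.items() if now - e["last"] > self.idle_timeout]
        for wan_port in stale:
            del self.by_inside[self.by_wan.pop(wan_port)["inside"]]

    def outbound(self, now, lan_ip, lan_port, dst_ip, dst_port):
        """LAN host sends a datagram: create or refresh its translation."""
        self._expire(now)
        key = (lan_ip, lan_port)
        if key not in self.by_inside:
            wan_port = next(self._ports)
            self.by_inside[key] = wan_port
            self.by_wan[wan_port] = {"inside": key, "remotes": set(), "last": now}
        entry = self.by_wan[self.by_inside[key]]
        entry["remotes"].add((dst_ip, dst_port))
        entry["last"] = now
        return self.wan_ip, self.by_inside[key]

    def inbound(self, now, src_ip, src_port, wan_port):
        """Datagram arrives on the WAN side: return the LAN target, or None (drop)."""
        self._expire(now)
        entry = self.by_wan.get(wan_port)
        if entry is None:
            return None                       # no translation for this port
        if self.match_remote and (src_ip, src_port) not in entry["remotes"]:
            return None                       # mapping exists, but not for this sender
        return entry["inside"]

def demo(match_remote=True):
    # Constructed addresses (RFC 1918 LAN host, RFC 5737 documentation ranges).
    nat = UdpNat("203.0.113.10", match_remote=match_remote)
    _, wan_port = nat.outbound(0, "192.168.1.100", 5353, "198.51.100.53", 53)
    return {"reply": nat.inbound(1, "198.51.100.53", 53, wan_port),
            "unmapped_port": nat.inbound(2, "198.51.100.99", 4000, 135),
            "other_sender": nat.inbound(3, "198.51.100.99", 4000, wan_port),
            "after_timeout": nat.inbound(200, "198.51.100.53", 53, wan_port)}
```

With `match_remote=False` the `other_sender` case is forwarded, which is the gap behind the "how can they tell" question in post #6.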
  8. Peter

    Peter Guest

    The one I was thinking of was WRT54G-UK, details at


    http://uk.insight.com/apps/productpresentation/index.php?product_id=LNKNA03D8S

    This one is going to be getting Blaster attacks all day long... but it
    needs to work for www, email, ftp, and also yahoo and hotmail
    messenger.

    Re the messenger, the yahoo one can be configured to use http only and
    the msn one can too I think... The file transfer in both of these
    stops working (even through a wide-open Cisco router) but that's OK.


    Peter.
     
    Peter, Dec 9, 2003
    #8