
Linksys Wrt54G How to block services?

WRT54G – Access Restrictions – Blocked Services – Add/Edit Service  

I want to block everything inbound but http, https, and dns.
How do you do it?  I see add, modify, delete, apply, cancel, and close buttons but no block button.

I see just two fields listed to block ports. Do you select the service you want to block and then click save and do that for each service you want to block?

Do you delete the service from the list?  Then do you add it back to the list to enable it?
Or is it done under Application and Gaming?
I've read some docs on Linksys's site about the WRT54G setup and config, but I'm not understanding how you block these services.

And, are there logs you can check for accepts, drops, etc?

Here's the help.
Blocked Services: You may choose to block access to certain services. Click Add/Edit Services to modify these settings.


Asked by Westez
 
epichero22 Commented:
HTTP is port 80, HTTPS is port 443, and DNS is port 53 I believe.  


I know that the home routers, such as what you have, don't let you specifically control access in all possible ways like an advanced router will, like Cisco.  Try blocking those ports and experimenting with different combinations to see what works.  
0
 
milksie Commented:
In the WRT54GS there is a tab labelled "Access Restrictions".  In that section there is a "Blocked Services" subsection where you can use drop-down lists to select various services to be blocked and a button to add more blocked items.  When you've included everything you want to block, be sure to click "Save Settings" at the bottom or navigating away will lose your config.

In looking at specs online the WRT54G and WRT54GS are identical except for the "S" for speedbooster feature.   So the config interface should have these same options.
0
 
yjchong514 Commented:
Cool video tutorial
http://www.woopid.com/video/1/Block-Services-on-a-Linksys-Router

Good Luck!

Rgds,

yjchong514
0
 
Westez (Author) Commented:
I've watched the tutorial.

Blocked services has two input boxes with a drop-down list to select services from; initially they are labeled as none.  Are you saying that I can select a service off the list and then save it, and that service is blocked?

If that's the case, do you have to do them one at a time, or can you click on a service to select it, and then click on the next service to select it, and then save it, and multiple services are now disabled?

And is there a way to see which services are blocked and which services are allowed?

Thanks
0
 
epichero22 Commented:
Yes, you can select a service off the list and specify to deny it and it will be blocked.

Just fill out the page with your selections and click Save.
0
 
giltjr Commented:
--> I want to block everything inbound but http,https, and dns.

Are you sure?   This means that you can't do print/file sharing between the computers on your home network.

You do realize that the "Access Restrictions" is blocking traffic that originates FROM your home PCs.
0
 
giltjr Commented:
To clarify my point.

Internet <--> WRT54G <--> Your home computers.

The term inbound normally means traffic from the Internet to your computers through the WRT54G.  By default the WRT54G already blocks all inbound traffic to your home computers.

The exception to this is:

1) You configure one computer to be a DMZ (Applications and Gaming - DMZ)
2) You configure specific ports to be forwarded to computers on your network (Applications and Gaming - Port Forwarding).

The Access Restrictions page blocks traffic between your computers.
0
 
milksie Commented:
Now that I've been playing with my WRT54GS, it seems that you cannot block more than two ranges of ports at a time.  You can either select the preconfigured services from the drop-down lists, or you can specify your own port ranges by clicking the Add/Edit Service button.  Creating a new range of ports to block with its own unique name that you specify will simply add it to the drop-down list.  It will still not let you choose more than two ranges of ports (services) to block.

These routers have other limits like only being able to block four websites at a time.  You cannot add additional ones.   And the keyword blocking list is limited to six words.   The approach seems to be that they are designed with full access to services assumed with the ability to block a little of this or that.  But it is by no means a fully versatile router with unlimited configurability.

0
 
Westez (Author) Commented:
Well when I run a port scan against the router, only port 80 is listening. I've read that by default all the services are blocked, and I'm going to add with the exception of port 80.

Has anyone flashed their firmware with Tomato?  I see the WRT54G is listed in the HCL.  I've heard that it's a lot more feature rich.  May be time to just buy another router.  

0
 
giltjr Commented:
Where are you running the port scan from: your local network or from the Internet?

Port 80 is used by the router to manage the router.  There should be an option to disable this from the "outside" (Internet/WAN side) so that you can only manage the router from "inside" (intranet/LAN side).

I have not used Tomato, I am using DD-WRT, but not really taking advantage of a lot of stuff.  I needed my WRT54GS to act like a wireless client.
0
 
Westez (Author) Commented:
I ran it from the outside using hackerwatch.org, and from the inside using fscan from Foundstone, now McAfee.   Thanks for the tip about DD-WRT, I'd not heard of it before, I just googled it.  What router are you using with it?  

I finally just got broadband in my area and I'm setting up a web server on a test network so I can tinker with things.  I've had the WRT54G for years sitting around gathering dust, waiting for the day for broadband to arrive.  I'm tinkering with it too.  
0
 
giltjr Commented:
I'm using a WRT54GS V2.

O.K., from the outside if you see port 80, then you have it configured to allow management from the Internet.  You should be able to disable this.  I know on my WRT54GS you could, and I believe the difference between the two (G and GS) is that the GS included SpeedBoost.
0
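
Added example (not part of the thread or of any participant's post): a small Python check, to be run against a router you administer, that compares which TCP ports actually accept connections with the set you intend to expose, so a still-enabled remote-management port 80 shows up as unexpected. The address 192.0.2.1 and the port lists are placeholders; the check is TCP-only, so DNS over UDP 53 is not covered.

```python
import socket


def tcp_port_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timed out) or unreachable all count as not open.
        return False


def audit_exposure(host, ports, expected_open, timeout=1.0):
    """Compare reachable TCP ports with the ports you intend to expose.

    host          -- address of the device you administer
    ports         -- ports to test
    expected_open -- ports that are supposed to answer (e.g. forwarded ones)
    """
    tested = set(ports)
    expected = set(expected_open)
    reachable = {p for p in tested if tcp_port_open(host, p, timeout)}
    return {
        "reachable": sorted(reachable),
        # Open but not intended, e.g. remote management left enabled on 80.
        "unexpected_open": sorted(reachable - expected),
        # Intended but not answering, e.g. a port forward that was never saved.
        "expected_but_closed": sorted((expected & tested) - reachable),
    }


if __name__ == "__main__":
    # Placeholder values: replace 192.0.2.1 (a documentation address) with
    # your own WAN address and run this from a host outside your network.
    report = audit_exposure(
        "192.0.2.1",
        ports=[21, 22, 23, 53, 80, 443, 8080],
        expected_open=[],  # nothing forwarded, remote management disabled
    )
    for key, value in report.items():
        print(f"{key}: {value}")
```

Running it once from the WAN side and once from the LAN side separates "management reachable from the Internet" from "management reachable only from inside", which is the distinction the scan results above turn on.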
 
Westez (Author) Commented:
giltjr - thanks, I don't want to manage it from the Internet, I'll fix that.  I'm going to take a deeper look at DD-WRT and what routers\access points it works with and buy one.

Thanks to all, I'm going to close this, and divide the points.
0
 
Westez (Author) Commented:
Thanks guys for having a look and helping me out.
0
 
giltjr Commented:
Thanks for the points.

Not that I want to discourage you from exploring DD-WRT (or other alternative firmware) unless you want to do something that the standard firmware does not allow I would suggest that you just use what comes with your device.

The only reason I replaced the Linksys firmware was that it did not support being a wireless client and I needed that function.  If I did not need that function, I would still be running the standard firmware.
0
