Westez
asked on
Linksys Wrt54G How to block services?
WRT54G – Access Restrictions – Blocked Services – Add/Edit Service
I want to block everything inbound but http, https, and dns.
How do you do it? I see add, modify, delete, apply, cancel, and close buttons but no block button.
I see just two fields listed to block ports. Do you select the service you want to block and then click save and do that for each service you want to block?
Do you delete the service from the list? Then do you add it back to the list to enable it?
Or is it done under Application and Gaming?
I've read some docs on Linksys's site about the WRT54G setup and config, but I'm not understanding how you block these services.
And, are there logs you can check for accepts, drops, etc?
Here's the help.
Blocked Services: You may choose to block access to certain services. Click Add/Edit Services to modify these settings.
ASKER
I've watched the tutorial.
Blocked services has two input boxes with a drop down list to select services from, initially they are labeled as none. Are you saying that I can select a service off the list and then save it, and that service is blocked?
If that's the case, do you have to do them one at a time, or can you click on a service to select it, and then click on the next service to select it, and then save it, and multiple services are now disabled?
And is there a way to see which services are blocked and which services are allowed?
Thanks
Yes, you can select a service off the list and specify to deny it and it will be blocked.
Just fill out the page with your selections and click Save.
--> I want to block everything inbound but http,https, and dns.
Are you sure? This means that you can't do print/file sharing between the computers on your home network.
You do realize that the "Access Restrictions" is blocking traffic that originates FROM your home PCs.
ASKER
Well when I run a port scan against the router, only port 80 is listening. I've read that by default all the services are blocked, and I'm going to add with the exception of port 80.
Has anyone flashed their firmware with Tomato? I see the WRT54G is listed in the HCL. I've heard that it's a lot more feature rich. May be time to just buy another router.
Where are you running the port scan from: your local network or from the Internet?
Port 80 is used by the router to manage the router. There should be an option to disable this from the "outside" (Internet/WAN side) so that you can only manage the router from "inside" (intranet/LAN side).
I have not used Tomato, I am using DD-WRT, but not really taking advantage of a lot of stuff. I needed my WRT54GS to act like a wireless client.
ASKER
I ran it from the outside using hackerwatch.org, and from the inside using fscan from Foundstone, now McAfee. Thanks for the tip about DD-WRT, I'd not heard of it before, I just googled it. What router are you using with it?
I finally just got broadband in my area and I'm setting up a web server on a test network so I can tinker with things. I've had the WRT54G for years sitting around gathering dust, waiting for the day for broadband to arrive. I'm tinkering with it too.
I'm using a WRT54GS V2.
O.K. from the outside if you see port 80, then you have it configured to allow management from the Internet. You should be able to disable this. I know on my WRT54GS you could and I believe the difference between the two (G and GS) is that the GS included SpeedBoost.
ASKER
giltir - thanks, I don't want to manage it from the Internet, I'll fix that. I'm going to take a deeper look at DD-WRT and what routers\access points it works with and buy one.
Thanks to all, I'm going to close this, and divide the points.
ASKER
Thanks guys for having a look and helping me out.
Thanks for the points.
Not that I want to discourage you from exploring DD-WRT (or other alternative firmware), but unless you want to do something that the standard firmware does not allow, I would suggest that you just use what comes with your device.
The only reason I replaced the Linksys firmware was that it did not support being a wireless client and I needed that function. If I did not need that function, I would still be running the standard firmware.
In looking at specs online the WRT54G and WRT54GS are identical except for the "S" for speedbooster feature. So the config interface should have these same options.