Re: How to turn on or off the Firewall on Linksys BEFSR41 Router?

From: Leythos (void@nowhere.com)
Date: 12/11/02 

From: Leythos <void@nowhere.com>
Date: Wed, 11 Dec 2002 12:05:39 GMT

In article <277dvuctm07apbiv9tjcgacpvce2sco8ek@4ax.com>, husker3in4
@cox.net says...
> Hi mark, thanks for the advice. I now understand that my router has a NAT (blocks in only) instead
> of a firewall (does in AND out). I just want to check to make sure that the NAT is enabled on my
> router, how do I do that?
>
> Also, on your setup, do you have WinXP's built in firewall disabled? Disableing it is the only way I
> can get the computers to access each other.
>
> I will probably install a 3rd party firewall just to be sure. Just so that I don't screw anything
> up, can you answer this?
>
> Running XP on both computers, with a Linksys BEFSR41 router, and a 3rd party firewall:
>
> XP firewall: off
> Router NAT: on
> 3rd party software: on
>
> Would this be correct?

I run XP Prof. on 4 workstations, 2000 Prof on 4 more, and 98SE on
several others. I run Windows 2000 Server on 4, and .Net Server
(standard) on 1 server.

On all the Windows XP machines I turned off the "Simple Fire sharing"
option so that each computer to provide network shares that I create to
the other systems. - I do not use XP's firewall ability on any of them.

The router does not have the ability to disable NAT, at least not that I
know of - It does a 1:MANY (one to many NAT) so that One public address
can be shared by Many internal addresses. It will provide all the
information about IP/DNS/etc to the internal computers if they are
configured to get their IP address information from a DHCP server (the
linksys router).

You can run 3rd party FW software as long as you like - I did for about
6 months on one system. I had switched from Sygate (a NAT software based
routing solution) to the Linksys (used a proxy server before that), so
the hardware device (linksys) was a real blessing to me and I was
already familiar with what NAT could/could not do.

The nicest thing about the linksys is that it has the fastest throughput
of anything on the home user market. When RoadRunner was not capped here
I was able to put 1,200K BYTES/SEC through it to the local RoadRunner
servers!

Make sure that you are running the latest firmware:

HOW TO UPGRADE:
http://www/linksys.com/support/support.asp?spid=94

UPDATED FIRMWARE FOR BEFSR41:
http://www.linksys.com/download/firmware.asp?fwid=1

The upgrade option "Click here to start downloading the new firmware for
Windows" comes with a TFTP utility, or, if your router is already one of
the newer firmwares you can upgrade the code.bin by using the "Upgrade
Firmware" link on the routers HELP page.

One thing to remember - if someone other than you installed the router,
you may have settings needed for your ISP on the SETUP page (in the
router) - copy them down on paper BEFORE you upgrade the router (even if
you did it).

The new firmware will add several features, but there here is what I use
that is important:

Under the "Password" Tab:

Make sure that you change the password to something with at least 10
characters - no names, nothing that is a word, use Upper/Lower case
letters and at least 3 numbers.

Make sure that UPnP Services is set to DISABLED.

Click Advanced (Orange TAB)

Under the "FILTERS" Tab

I have a filtered Private Port Range:
BOTH, 137 ~ 139 setup on my LAN.

Under the "Edit MAC Filter Setting"
I entered the MAC addresses of my kids computers so that they can't get
to the internet from the computers that are private areas of the house
(like their rooms) - it blocks the entire computer from getting to the
internet. If they want internet access they do it in the family room.

Other "Filters" settings - lower section of page:

Block WAN Request: Enabled
Multicast Pass Through: Enabled
IPSec Pass Through: Enabled
PPTP Pass Through: Enabled
Remote Management: Disabled, Port (I'm not telling)
Remote Upgrade: Disabled
MTU: Disabled, Size 0

(I VPN into my office, so I have IPSEC/PPTP enabled)

Under the "Forwarding" Tab

Unless you have something that you want to share with the world, don't
forward anything. If you had a public web server you would enter 80/80
in the Ext. Port, TCP, internal IP address of the web server, and ENABLE
it.

Click the "UPnP Forwarding" button - make sure that ENABLED is UNCHECKED
on all items. On "Port Triggering" make sure that there are NO
APPLICATION names, and that all values are 0 (Zero).

If you have any other questions, please let us know.

Mark

> On Wed, 11 Dec 2002 00:56:36 GMT, Leythos <void@nowhere.com> wrote:
>
> >In article <i5vcvu06cg9cibei8up2q71rg029ql112h@4ax.com>, husker15
> >@cox.net says...
> >> I know some of you have to have this same router since it is a very popular one.
> >> How is the firewall turned on or off? I want to check it to make sure it is on.
> >
> >There is NO FIREWALL in the device - I have one, and have installed MANY
> >of them. The "Firewall" that all of the personal router vendors speak of
> >is what the rest of us call NAT (Network Address Translation). The
> >router translates your WAN (internet) side into LAN (personal network)
> >side addresses and doesn't let anything in that wasn't invited by
> >something on the inside.
> >
> >The way it protects you is by blocking unsolicited outside connections
> >to your inside network. I'll let you read up on what firewall are, as
> >opposed to just a NAT Router.
> >
> >So you can feel comfortable - I've run the BEFSR41 for almost 3 years
> >and never had a problem. Just make sure that EVERY COMPUTER ON THE
> >INSIDE IS RUNNING ANTIVIRUS SOFTWARE.
> >
> >The key thing to remember is that none of these ROUTERS stop anything
> >from leaving your network and getting OUT to the internet. None of these
> >ROUTERS inspect the traffic going IN/OUT of your network.
> >
> >
> >> One more question: I am using WinXP on both computers on the network with this router.
> >> I want to have both computers share interent and access each other, it seems the only way to do this
> >> is to turn off the built in firewall in WinXP. If I leave it on I can share internet but the
> >> computers cannot access each other. Is it somehow configurable to leave the WinXP firewall ON and
> >> still have the computers talk to each other, or do I just need to leave WinXP's firewall OFF and
> >> just use the Linksys router's firewall? Or would I be better off using a 3rd party firewall? (Zone
> >> Alarm, Norton etc).
> >
> >I have my BEFSR41 connected to two 16 port switches - all my computers
> >can access the internet at the same time and all of them can share files
> >between each other. I have a bunch of servers too, but I won't go into
> >all of that.
> >
> >> And, if I use a 3rd party firewall, do I need to disable the Linksys firewall or will they both work
> >> together?
> >
> >You don't need 3rd party firewall if you have the router and a good
> >Antivirus program on each of them.
> >
> >> Sorry for all the newbie questions, I just want to know the best way to do this and i'm pretty
> >> clueless as you can see. :)
> >
> >We've all been there before - come back if you need help.
> >
> >Mark
> >
> >--
>
> 

-- 
--
Leythos999@columbus.rr.com
(Remove 999 to reply to me)