Re: Forwarding by source IP: Linksys BEFSX41?

From: MyndPhlyp (notreally@home.now)
Date: 03/06/03 

From: "MyndPhlyp" <notreally@home.now>
Date: Thu, 6 Mar 2003 06:57:05 -0500

"Jim Seymour" <jseymour@spamcop.net> wrote in message
news:b43cu00dah@enews2.newsguy.com...
> Last week, I asked here about routers that support forwarding based on the
> source IP. I got a few suggestions - including the Zyxel Zywall 10 (which
> looks good) and SonicWall (also good, but more expensive).
>
> However, I also just found the Linksys BEFSX41 - which I can get for only
> $85. This appeals to me not only because of the cost, but because I've
had
> good results with the BEFSR11/41 models at a number of sites. Does anyone
> have experience with this unit?
>
> My specific need is to forward Windows Remote Desktop connections from
four
> employees' home PC's to their work PC's. (They all have DSL service with
> static IP addresses). The connections normally come in on port 3389, but
I
> can change that for each user - if need be.
>
> If I read the Linksys user manual correctly, it doesn't specifically
forward
> based on source IP, but I could set up packet filters for four specific
> ports, then forward each to the appropriate PC.
>
> Am I off base here? Or is the extra $120 for the ZyWall worth the price?

You are correct. The BEFSX41 forwards based on Port. I haven't tried this
possibility though - you could use Filters and allow inbound traffic for
specific MAC addresses or IP address ranges on specific TCP or UDP ports and
then forward the port(s) to a specific machine. With four home machines
targeting four office PCs, you would set up on four separate Ports.

The thing I'm not sure about is the precedence in the firewall layers. I
know from experimenting that "Block WAN Requests" can be preempted by
Forwarding. Based on some Filters I set up a long time ago and the resulting
log entries, it appears Filters also preempt "Block WAN Requests." But
there's still the question of whether Filters take place before or after (or
at the same level, God forbid) as Forwarding. You could take advantage of
the "30-day purchase satisfaction" guarantee (if your vendor offers such a
thing) and try it as an experiment.

One thing for sure, the documentation is very thin. Don't look for much help
there.

Relevant Pages

  • Re: file/printer sharing
    ... The ports that I listed are what the File and Printer Sharing service, ... With WF, which filters both incoming and outgoing traffic, you enable a preset ... With Sygate PF, which is rules based, but has a gui interface, I think you ...
    (microsoft.public.windowsxp.network_web)
  • Re: Firewall and Home Network
    ... Generally speaking your incoming filters will prevent "unsolicited" attempts ... is the case with your router. ... As far as outbound filters I've seen them implemented in several ways. ... Or you can start with everything open and then close down the ports you ...
    (comp.security.firewalls)
  • RE: Query: Filtered Ports I do not use. Should i be worried?
    ... Subject: Query: Filtered Ports I do not use. ... I ran a scan from an external network on various ports. ... DLINK to PBX. ... it filters! ...
    (Security-Basics)
  • Re: Windows TCP/IP Filtering
    ... Filters are not the way to go. ... believe the Window's normal TCP/IP Filters are "statefull" and therefore ... can't adjust for the "random client ports". ... This allows me to server an ssl website, email, dns, sql ...
    (microsoft.public.windows.server.networking)
  • Re: Request for help: troubleshooting pcAnywhere with TZO + Linksys
    ... successfully forwarding ports 8000, 8001 and 8080 to my Web server, ... and despite the fact that the router's Port Forwarding configuration ... >>Tried connecting to the pcA host via a pcA remote from another one of ...
    (comp.security.firewalls)