Re: Got a Linksys BEFSX41 Router/Firewall



"Leythos" <void@xxxxxxxxxxx> wrote in message
news:ZnDmf.185300$tD4.18960@xxxxxxxxxxxxxxxxxxxxxxxxx
> In article <K6OdnepHTI2XcAfenZ2dnUVZ_tWdnZ2d@xxxxxxxxxxxx>,
> Frank@xxxxxxxxxxxxxx says...
>> Okay, I had a $50-off "Reward" card and an additional 15%-off coupon from
>> Office Depot and I didn't really need anything. So... I bought a Linksys
>> BEFSX41 Router/Firewall to play with on my 8 machine network at home
>> (4 2003 servers, 4 XP workstations). I already have a "real" network
>> firewall but I wanted to take a look at this Linksys for possible
>> recommendation to home users with minimum needs.
>>
>> Looking for some hints on config of this thing. From what I see, it is
>> easy enough to block specific protocols and IPs, but how can I block
>> "everything" (all TCP/UDP ports) and then specify only what I want to
>> allow? Is there a way to do that on this Linksys?
>
> You can, not sure about the SX, enter IPs to be considered Private IPs;
> these won't be permitted outbound access. Same with Private Ports, ports
> that don't get outbound access.

I think the SX may be different. This is the one advertised as a "Broadband
Firewall Router". Near as I can tell, the "SX" is the designation showing
the Firewall aspect. I cannot find the word "Private" anywhere in the
config.

> The main reason to purchase these units is the dedicated IPSec tunnel
> ability for site-to-site VPN.

Yes, that is pretty cool. Two VPNs nonetheless.

I got a great deal, since the thing only cost me about $15 LOL.... Figured
I'd learn something about low cost consumer "network firewalls". Hehe...

I am really talking about blocking inbound traffic. It does allow blocking
ranges of ports. So... I would like to block TCP/UDP 1-65536, and then
allow specific ports as an exception. Unfortunately, I cannot find any way
to except ports. Or to make specific pass-through ports. That leaves me
with having to block ranges, for instance, like: 1-19 (allow 20, 21,23 for
ftp), then 24-24 (allow 25 for SMTP), then 26-52 (allow 53 for DNS), etc.
The problem is, the unit does not allow enough fields to get all the way up
to 65536 doing it this way.

Granted, maybe this unit is not designed to provide the capability to run a
server behind it, but really, since it is advertised as a Firewall (yeah, I
know, not certified) it would allow closing all inbound and allowing
exceptions. Maybe it does, but I can't figure out how to do it.
Hence, my post :-)

After re-reading my post, maybe what I could do is just block 1-65536 and
then "forward" the desired ports, even if they are forwarded to the same
port. Would that be the same as "allowing"?

I'm used to "rule based" firewalls.

-Frank
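The workaround Frank sketches above (deny ranges that skirt around each allowed port) is really "compute the complement of the allow-list as contiguous ranges". The script below does that computation and counts how many filter fields a range-only device would need, so you can see in advance whether a given allow-list fits. It is an added example, not part of the original thread and not Linksys code; it assumes a port space of 1-65535 and a hypothetical filter with a fixed number of range fields (the field count is a parameter, since the BEFSX41's limit is not stated in the thread). Note that with 22 absent from the allow-list the computation also emits a one-port range 22-22 between the 20-21 and 23 entries.

```python
"""Turn an inbound allow-list into the deny ranges a range-only filter needs.

Added example (not from the original post). Assumes valid ports 1..65535 and
a filter that can only express "block start-end" entries with no exceptions.
"""

from typing import Iterable, List, Tuple

MAX_PORT = 65535


def deny_ranges(allowed: Iterable[int], lo: int = 1, hi: int = MAX_PORT) -> List[Tuple[int, int]]:
    """Return the complement of `allowed` within [lo, hi] as inclusive (start, end) ranges.

    Ports outside [lo, hi] are ignored; duplicates are collapsed. Every gap
    between consecutive allowed ports becomes one deny range, so k distinct
    allowed ports produce at most k + 1 ranges.
    """
    ports = sorted({p for p in allowed if lo <= p <= hi})
    ranges: List[Tuple[int, int]] = []
    cursor = lo  # first port not yet accounted for
    for p in ports:
        if p > cursor:
            ranges.append((cursor, p - 1))  # everything between last allowed port and this one
        cursor = p + 1
    if cursor <= hi:
        ranges.append((cursor, hi))  # tail up to the top of the port space
    return ranges


def fields_needed(allowed: Iterable[int]) -> int:
    """Number of block-range entries required to deny everything except `allowed`."""
    return len(deny_ranges(allowed))


def fits(allowed: Iterable[int], fields_available: int) -> bool:
    """True if the deny-range scheme fits in a filter with `fields_available` entries."""
    return fields_needed(allowed) <= fields_available


def render_rules(allowed: Iterable[int], proto: str = "TCP/UDP") -> List[str]:
    """Human-readable 'Block PROTO start-end' lines, one per range, for typing into a web UI."""
    return [f"Block {proto} {start}-{end}" for start, end in deny_ranges(allowed)]


if __name__ == "__main__":
    # Constructed allow-list taken from the ports named in the post: FTP, telnet, SMTP, DNS.
    allow = [20, 21, 23, 25, 53]
    for rule in render_rules(allow):
        print(rule)
    print(f"{fields_needed(allow)} filter entries needed; fits in 4 fields: {fits(allow, 4)}")
```

For a typical server allow-list the scheme needs one more entry than the number of allowed ports, which is why a device with only a handful of range fields runs out before reaching the top of the port space.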

