 MrYogi
join:2003-03-28 Reston, VA
Locking All but some LAN to WAN traffic on P334
I am having problems understanding my firewall setting.
I want to lock all but some traffic Lan to Wan. Like this
I am not able to find that option on the web interface. The only way I can do this using web interface is to type each port number and block it in the services.
Should I do it using telnet? Available services are all the services that are available from LAN to WAN. Blocked services are all the services that are not available from LAN to WAN. Am I understanding it right? Thank you
 jbibe Premium,MVM join:2001-02-22
Re: Locking All but some LAN to WAN traffic on P334
I gave an outline of one method of controlling all of the LAN to WAN traffic in one of your previous threads:
»Re: What ports to block?
You must decide exactly what you would like to accomplish. When you have an exact list, describe your desires in detail.
MrYogi
join:2003-03-28 Reston, VA
Re: Locking All but some LAN to WAN traffic on P334
In your instructions, said by jbibe:
1. Set the LAN to WAN logging on the Firewall Settings screen to Log All.
2. Enable Services Blocking
3. Enable Everyday (in Day to Block)
4. Enable All Day (in Time of Day to Block)
5. Add the Services (ports) that you want to allow
6. Press Apply
I am not able to understand # 5. Add the ports that you want to allow? Where do I add them? On the services screen, there are available services and blocked services. There is a way to add services(ports) to blocked services. There is no way to add specific ports to available services.
Am I getting it right? Thank you
Anav Sarcastic Llama? Naw, Just Acerbic Premium join:2001-07-16 Dartmouth, NS
Re: Locking All but some LAN to WAN traffic on P334
No, you just have not hoisted in his methodology.
You are going to turn block services inside out!
First enable the services. Identify the services you are going to EVENTUALLY ALLOW by blocking them... (think of it at this point as an identifying process if it helps...)
Then you're going into the CLI manual entry set, and change the current default for LAN to WAN from allow to block.
Currently, all services from LAN to WAN are allowed. That is why block services is in place - Block Services is basically a way of providing LAN to WAN rules...
Jbibe through the CLI set then changes the default setting to BLOCK ALL, instead of ALLOW all. These commands are not available on the GUI but exist in the router via manual methods.
THEN he manually changes the rules for the services you have identified in the web GUI from BLOCK to FORWARD(allow).
Now you have a LAN to WAN that is locked down, but allows those services you have identified to pass through..
It's simple, brilliant, and typical Jbibe.
In your mind, change the words "BLOCK SERVICES" TO "LAN TO WAN RULES"
Before
LAN TO WAN - set to Allow All
Block Services - LAN to WAN rules Off (not enabled)
Default for Identified Services is Blocked
After
LAN to WAN - set to BLOCK All
Block Services - LAN to WAN rules ON (ENABLED)
Default for Identified services is Allowed
-- Ain't nuthin but the blues! "Albert Collins". Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
jbibe Premium,MVM join:2001-02-22
In the example, the initial setup allows all services you want to block, and blocks all of the services you want to allow. After that initial setup, CLI commands are used to reverse these actions. So you select the services you want to allow from the Service list, even though it says block.
Are you planning to block some services for part of the day? For example, do you plan to block all access during the night? If so, then you cannot use the example.
Anav Sarcastic Llama? Naw, Just Acerbic Premium join:2001-07-16 Dartmouth, NS
Re: Locking All but some LAN to WAN traffic on P334
Well, that's another example JBIBE, I would say that the user should be able to delineate with the time/day/week function..
WHEN HE WANTS THOSE SERVICES FORWARDED
My question is what happens when it's outside the time/day/week, I would say that the services identified for forwarding would join the rest of the default and be blocked, i.e. not forwarded...
jbibe Premium,MVM join:2001-02-22
Re: Locking All but some LAN to WAN traffic on P334
I have not tested your example, but it probably works as you suggest.
Anav Sarcastic Llama? Naw, Just Acerbic Premium join:2001-07-16 Dartmouth, NS
Re: Locking All but some LAN to WAN traffic on P334
said by jbibe: I have not tested your example, but it probably works as you suggest.
But of course, it's Llama logic
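The inversion discussed in this thread, as a small Python model added here (not posted by anyone in the thread, and not the router's CLI syntax): it flips the default action and every identified service rule, then audits which LAN to WAN flows pass. The service list is constructed, and the out-of-schedule fall-through to the default is modelled as an assumption, since the thread leaves it untested.

```python
from dataclasses import dataclass, replace
from datetime import time

FLIP = {"block": "forward", "forward": "block"}

@dataclass(frozen=True)
class Rule:
    proto: str
    port: int
    action: str                      # "block" or "forward"

@dataclass(frozen=True)
class Policy:
    default: str                     # action when no rule matches
    rules: tuple
    start: time = time(0, 0)         # "All Day" schedule by default
    end: time = time(23, 59, 59)

    def decide(self, proto, port, at=time(12, 0)):
        # Assumption: rules apply only inside the schedule window; outside
        # it, traffic falls through to the default (untested in the thread).
        if self.start <= at <= self.end:
            for rule in self.rules:
                if (rule.proto, rule.port) == (proto, port):
                    return rule.action
        return self.default

def invert(policy):
    """Model of the manual step: flip the default and every listed rule."""
    flipped = tuple(replace(r, action=FLIP[r.action]) for r in policy.rules)
    return replace(policy, default=FLIP[policy.default], rules=flipped)

# Constructed service list: what the GUI "Blocked Services" would hold.
GUI_SETUP = Policy("forward", (Rule("tcp", 80, "block"),
                               Rule("tcp", 443, "block"),
                               Rule("udp", 53, "block")))
LOCKED_DOWN = invert(GUI_SETUP)
OFFICE_HOURS = replace(LOCKED_DOWN, start=time(8, 0), end=time(18, 0))

def audit(policy, flows, at=time(12, 0)):
    """Return {flow: action} so the effective policy can be checked."""
    return {f: policy.decide(*f, at=at) for f in flows}

if __name__ == "__main__":
    flows = [("tcp", 80), ("udp", 53), ("tcp", 6667), ("tcp", 25)]
    print("GUI setup   :", audit(GUI_SETUP, flows))
    print("Locked down :", audit(LOCKED_DOWN, flows))
    print("22:00       :", audit(OFFICE_HOURS, flows, at=time(22, 0)))
```

Running the same audit against the real router's LAN to WAN log (step 1 of the quoted instructions sets it to Log All) is the way to confirm the device behaves like the model.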