I am using a Westell Model 6100 Proline wired router.
The router has two connection plugins:
- one plugin connection to the telephone outside line (simple), and
- one plugin connection that I have plugged into the ISDN modem that came out with old Compaq machine.
Over the past 10 years, I have used only the Dialup modem, so this router business is very new to me.
The router installation went pretty well, but I soon found that it had an internal firewall that allows for custom settings to be made. After setting the firewall to much stricter levels and setting it to LOG all Inbound connection attempts, I soon found that there were MANY MANY different people (computers) from around the world (mostly China) trying to connect to my computer, even when there was NO web activity coming from my end.
After experimenting around with the router firewall settings, I found that I WAS able to block ALL Inbound traffic, on all ports from Port 0 to 65535 and was still able to connect to any website.
Later, I began to experiment with blocking as many Outbound ports as possible. With all Outbound ports blocked, from port 0 to 65535 (except port 80), I have still been able to do pretty much the same as before, but occasionally I do have to reload a web page (seldom). These settings I have applied for both TCP & UDP.
I normally always shut down my computer at the end of the day, disconnect the router from the internet & unplug the power to it. On restarting the next day, I can first plug in the power to the router, then immediately turn on the computer (remember this is the Win 98SE startup time added in), and everything always works fine, with no problems connecting to the router & then to the internet that I have found.
The problem with the extremely strict router firewall settings that I have is this:
if I need to Restart my computer for any variety of reasons (remember this is Win 98SE), the router will not recognize and connect up to the computer after the restart. On my "TCPview" program (Sysinternals.com-Russinovich...) I get the standard link local IP address that comes up when there is no connection to the router. I think it's something that starts with 169.xxx.xxx.xxx.
If I shut the computer down completely and power down the router, as in a cold restart, everything works just fine as before and the router assigns the same 192.168.1.10 address to the computer as always.
One of the first things I have tried is to allow the lower port range between the router & my computer with the following custom rules I created on the ALLOW page:
Rule Name (This is the Firewall ALLOW RULES page):
HAL_UDP
Protocol UDP
Source IP 192.168.1.10 (the router always assigns this IP # to my computer)
Source Netmask 255.255.255.255 (I have NO IDEA how to set this)
Source Port Range 0 : 1024 (this is my guess at the port range)
Destination IP 192.168.1.1 (this is the router's IP address)
Destination Netmask 255.255.255.255 (I have NO IDEA how to set this)
Destination Port Range 0 : 1024 (this is my guess at the port range)
Mode Log
Direction Both
--------------------------------------------------
HAL_TCP
Protocol TCP
Source IP 192.168.1.10 (the router always assigns this IP # to my computer)
Source Netmask 255.255.255.255 (I have NO IDEA how to set this)
Source Port Range 0 : 1024 (this is my guess at the port range)
Destination IP 192.168.1.1 (this is the router's IP address)
Destination Netmask 255.255.255.255 (I have NO IDEA how to set this)
Destination Port Range 0 : 1024 (this is my guess at the port range)
Mode Log
Direction Both
--------------------------------------------------
Basically I want to only allow communication between my computer & the router (to the web of course), with only the least possible ports open & IP address range necessary between them.
Is/are there any particular port(s) that need to be left open, such as UDP: 137-138 & TCP: 137-139 ??? I had also read somewhere that there was something about DNS lookup on Port 53 (I think?).
Even without the above ALLOW rules in place, I can still connect to the web (with port 80 only left open on the DENY page on the Outbound traffic).
--------------------------------------------------
Another one of the things that I have been experimenting with is the Network Settings in the Control Panel on My Computer:
Start>Settings>Control Panel>Network>Configuration Tab>TCP/IP Properties>IP Address tab, with the following two radio button options:
- obtain an IP address automatically (previous setting before I began experimenting)
- specify an IP address (this is where I thought I might get some results)
Specify An IP Address:
192.168.1.10 (I tried the number normally assigned by the router)
Subnet Mask:
xxx.xxx.xxx.xxx (I have no Idea what this is or what to input here!)
--------------------------------------
At first I tried the IP address that is automatically assigned by the router to the computer on startup:
192.168.1.10 (this is the standard assignment from the router to the one computer connected to it), but I have been unable to figure out (Again) what to input to the Subnet Mask. Any Ideas????
-------------------------------------
I did find a page on the web that had a subnet calculator:
SubnetOnline.com - SubnetMask Calculator
...but it asks for IP address ranges to input into the calculator:
"Please give me your last IP address in your range (i.e. 192.168.91.254) : "
"Please give me your first IP address in your range (i.e. 192.168.90.1) :"
& every guess I have made so far as to what that is has returned only the inability to get onto the web, but in every case I was able to communicate with the router.
If there are any gurus here on this subject, I would greatly appreciate any input. If not, then could someone direct me to a website where I can learn about this stuff, as long as it's not Wikipedia (been there & several other places). Maybe some remedial web site made for IP dummies or something. I intend to continue until I learn this stuff, however long it takes......Thanks.....
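Added example, not part of the original post and not the router's own logic: a small Python model of how the HAL_UDP rule as posted would treat three constructed packets, plus how many addresses a given netmask covers. The mask-and-compare matching, the reading of "Direction Both" as also covering replies, and the sample packets (including the 1030 source port) are assumptions.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "proto src_ip src_mask src_ports dst_ip dst_mask dst_ports")
Packet = namedtuple("Packet", "proto src sport dst dport")

# The HAL_UDP rule exactly as written in the post.
HAL_UDP = Rule("UDP", "192.168.1.10", "255.255.255.255", (0, 1024),
               "192.168.1.1", "255.255.255.255", (0, 1024))

# Constructed sample packets (not captured traffic).
SAMPLES = {
    # A DHCP client with no lease broadcasts from 0.0.0.0:68 to 255.255.255.255:67.
    "dhcp_discover": Packet("UDP", "0.0.0.0", 68, "255.255.255.255", 67),
    # A client that already holds a lease can renew by unicast to the server.
    "dhcp_renew_unicast": Packet("UDP", "192.168.1.10", 68, "192.168.1.1", 67),
    # DNS query to port 53; the client source port 1030 is an assumed value.
    "dns_query": Packet("UDP", "192.168.1.10", 1030, "192.168.1.1", 53),
}

def in_net(addr, ip, mask):
    """True if addr falls in the range described by ip/mask (assumed semantics)."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return ipaddress.ip_address(addr) in net

def matches_one_way(rule, p):
    return (p.proto == rule.proto
            and in_net(p.src, rule.src_ip, rule.src_mask)
            and in_net(p.dst, rule.dst_ip, rule.dst_mask)
            and rule.src_ports[0] <= p.sport <= rule.src_ports[1]
            and rule.dst_ports[0] <= p.dport <= rule.dst_ports[1])

def matches(rule, p):
    """'Direction Both' is modelled as: also try the packet with ends swapped."""
    swapped = Packet(p.proto, p.dst, p.dport, p.src, p.sport)
    return matches_one_way(rule, p) or matches_one_way(rule, swapped)

def evaluate(rule=HAL_UDP):
    """Map each sample packet name to whether the rule covers it."""
    return {name: matches(rule, p) for name, p in SAMPLES.items()}

def hosts_covered(ip, mask):
    """Number of addresses an ip/mask pair spans."""
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False).num_addresses

if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name:20s} covered by HAL_UDP: {hit}")
    print("255.255.255.255 covers", hosts_covered("192.168.1.10", "255.255.255.255"), "address")
    print("255.255.255.0   covers", hosts_covered("192.168.1.10", "255.255.255.0"), "addresses")
```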