N900 Firewall settings

Just bought N900, seems to work fine and very powerful wifi.

However, I consider the Firewall to be very important to my home network, and there is basically NO documentation on the Firewall.  It just says “This router has a firewall, and here’s the web page where you can create firewall rules.”  This leaves unanswered many questions, for instance:

  • Does the firewall do any stateful filtering?  This functionality is standard for Linux now, and presumably the N900 has Linux-based firmware (most devices do, these days), but did they enable it?  I’ve used Linksys routers for the last 15 years, and they always do stateful filtering, and without it it’s much harder to create useful port filtering rules; but the N900 docs don’t mention it.

  • In the Firewall Rules web page, is it valid to use ‘*’ to specify “all WAN IP addresses”?  (It accepts such a setting, but how do I know it’s doing the right thing?)

  • Likewise, is it valid to use ‘*’ to specify “all port numbers”? (Again, it does accept such a setting.)

  • Does this software use the usual Linux rule-order behavior?  E.g., if I

    * allow a certain communication on port 500

    * then in a later rule deny all communication on ports 400-600

    will the first rule take precedence?

Finally, there seems to be a pretty bad bug in the Firewall Rule editing page:  If you have more than 6 rules, and try to edit or add another one, it complains that the fourth rule “already exists”, and won’t accept the changes.  This makes it pretty impossible to do anything sophisticated, because you can’t try and adjust rules, you have to get them all right, and type them all in, all at once.

If a forum moderator is listening, and can pass that bug on to the dev team, it would be great to see a fix.

If anyone has a pointer to documentation for the firewall used in the N900, that would be great too.

Thanks,

–Matt
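The rule-ordering question above can be checked by simulating a rule set against a few packets. This is an added example, not N900 firmware or documentation: it implements the first-match semantics of a Linux/iptables chain next to a "deny overrides" alternative that some appliances use, so the difference on port 500 is visible; the rules, the sample source address and the wildcard handling are constructed assumptions.

```python
from dataclasses import dataclass
import ipaddress

@dataclass(frozen=True)
class Rule:
    action: str    # "allow" or "deny"
    src: str       # WAN source: "a.b.c.d", "a.b.c.d-a.b.c.e", or "*" for any
    proto: str     # "tcp", "udp" or "*" for any
    port_lo: int
    port_hi: int

    def matches(self, src_ip, proto, port):
        if self.src != "*":
            lo, _, hi = self.src.partition("-")
            first, last = ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi or lo)
            if not first <= ipaddress.IPv4Address(src_ip) <= last:
                return False
        return self.proto in ("*", proto) and self.port_lo <= port <= self.port_hi

# Constructed rule set mirroring the question: allow port 500 from anywhere,
# then a later rule denying 400-600.
RULES = [Rule("allow", "*", "udp", 500, 500),
         Rule("deny", "*", "udp", 400, 600)]

def decide_first_match(rules, src_ip, proto, port, default="deny"):
    """First matching rule wins, the usual Linux/iptables chain behaviour."""
    for r in rules:
        if r.matches(src_ip, proto, port):
            return r.action
    return default

def decide_deny_overrides(rules, src_ip, proto, port, default="deny"):
    """Alternative semantics some appliances use: any matching deny wins."""
    hits = [r.action for r in rules if r.matches(src_ip, proto, port)]
    if not hits:
        return default
    return "deny" if "deny" in hits else "allow"

if __name__ == "__main__":
    # Port 500 is the interesting case: "allow" under first-match, "deny" under deny-overrides.
    for port in (450, 500, 700):
        print(port, decide_first_match(RULES, "203.0.113.7", "udp", port),
              decide_deny_overrides(RULES, "203.0.113.7", "udp", port))
```

Until the vendor documents which semantics the N900 uses, the safe approach is to write rule sets that give the same answer under both models.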

Good questions, if I were you I would contact tech support directly.

http://support.wdc.com/contact/contact.asp?lang=en&ct=networking

Is it possible to get the answer to his questions here instead of routing everyone to customer service?

I understood the idea of these blogs as a place to answer commonly asked questions for customers.

I also have the same concerns about the firewall settings. The documentation is poor at best concerning this topic.

Please supply additional info so I can configure my public access points properly and with confidence that I will not be hacked due to a misconfiguration.

I have the N900 router and have the same questions about the firewall settings. Does anyone have the answers to these questions???

Also, I would like to restrict access by IP address to one of my LAN computers running remote desktop. Ideally, I’d like to restrict access to all the possible IP addresses in my entire workplace, which runs from 154.1.1.1 to 154.1.255.255 (actual numbers changed to protect the innocent, but you get the idea).  However, using the firewall rules, I can only use a rule to allow 154.1.1.1 through 154.1.1.255 for example, and therefore the rule structure is too prohibitive to do this. On my ancient Dlink router I could even set an inbound filter rule that restricted inbound access to the remote desktop port to all IP addresses from 154.1.1.1 through 154.1.255.255 with just a single rule.

Is this something that can be addressed with a firmware update?

Thanks,

Nick
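To put numbers on the range problem Nick describes, the following added example (not router code) computes how many rules the range 154.1.1.1-154.1.255.255 would need if, as his post describes, a single rule can only vary the last octet, how many it would need on a CIDR-capable editor, and how many extra addresses the obvious /16 shortcut would let in. The /24-per-rule constraint is taken from the post as an assumption about the UI, not a documented limit.

```python
import ipaddress

def cidr_rules(first, last):
    """Smallest set of prefixes covering first..last (what a CIDR-capable rule editor needs)."""
    a, b = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return [str(n) for n in ipaddress.summarize_address_range(a, b)]

def last_octet_rules(first, last):
    """Rules needed when one rule may only span addresses within a single /24.

    This models the limitation described in the post (assumption about the UI).
    """
    a, b = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    rules = []
    cur = a
    while cur <= b:
        block_end = ipaddress.IPv4Address(int(cur) | 0xFF)   # x.y.z.255
        end = min(block_end, b)
        rules.append((str(cur), str(end)))
        if end == ipaddress.IPv4Address("255.255.255.255"):
            break
        cur = end + 1
    return rules

def superset_spill(first, last, network):
    """Addresses a covering prefix admits that lie outside the intended range."""
    a, b = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    net = ipaddress.IPv4Network(network)
    return (int(a) - int(net.network_address)) + (int(net.broadcast_address) - int(b))

if __name__ == "__main__":
    lo, hi = "154.1.1.1", "154.1.255.255"   # range from the post (numbers already changed by the author)
    print(len(last_octet_rules(lo, hi)), "rules if each rule may only vary the last octet")
    print(len(cidr_rules(lo, hi)), "prefixes on a CIDR-capable editor:", cidr_rules(lo, hi))
    print(superset_spill(lo, hi, "154.1.0.0/16"), "unintended addresses admitted by 154.1.0.0/16")
```

Whether the 257 extra addresses admitted by the /16 shortcut are acceptable depends on who holds 154.1.0.0-154.1.1.0; if it is the same organisation, one prefix may be the pragmatic choice.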

So no one knows about the specifics of the firewall settings on this router? Just as an aside, I returned an ASUS router that had a very nice interface and was one of the few routers I’ve used that accurately listed the connected (wired and wireless) clients in real time. However, it had no inbound filtering/firewalling options, so that was a dealbreaker for me.  Do most folks here just not use inbound filtering/firewalling?

I’ve got a support request opened, but it has been a couple of days and haven’t heard back yet.


Ok… it’s been a year since this was last proposed. I have a 750 with the most current firmware and I too have this same issue. Rule #4, I can create it but it defaults the action to deny, any changes that are attempted to the rule will not save as I get a message stating the rule already exists. Please help us resolve this here so that others can get their answers without bothering support…

jeyton wrote:

Ok… it’s been a year since this was last proposed. I have a 750 with the most current firmware and I too have this same issue. Rule #4, I can create it but it defaults the action to deny, any changes that are attempted to the rule will not save as I get a message stating the rule already exists. Please help us resolve this here so that others can get their answers without bothering support…

That’s weird that it changes to Deny after saving the settings. I noticed that IFF the Source IP Range and the Destination IP Range matches exactly, then there will be a prompt that “Rule # already exists.” This happens even if the 2 rules have different port ranges. To get around it I just change the range on one of the fields.

Failure Example:

Rule 1 Source IP Range: 64.55.23.35, Destination Range: 192.168.1.100-192.168.1.100, Port 1000

Rule 2 Source IP Range: 64.55.23.35, Destination Range: 192.168.1.100-192.168.1.100, Port 2000

Working Example:

Rule 1 Source IP Range: 64.55.23.35, Destination Range: 192.168.1.100-192.168.1.100, Port 1000

Rule 2 Source IP Range: 64.55.23.35, Destination Range: 192.168.1.100-192.168.1.101, Port 2000

Number one, need new coders. First post because it took forever thinking out of the box and I think you all should know. Rule one: both PC and WAN can’t be set to any .01. Therefore change IPs, e.g. I used 192.168.0.2 WAN and 10.0.0.2 LAN; this will avoid conflict on the network. Also, do not use TCP and UDP together, need to do them separately, UDP then TCP; also use block only. Rules list used 1234 and so on. Set IPs start 192.168.0.1 end 192.168.0.3, 10.0.0.1 end 10.0.0.3, to cover used IPs. ICMP covers all IPs. For example if you want to block time on port 123, block using 1 to 122 UDP then 1 to 122 TCP, 124 TCP, 124 UDP to the next port to block, and again having the next port set TCP and UDP. Hope this helps you all. Basically don’t have either of the two IPs end in .01.

I would like to say it could be 192.168.1.2; look on the admin page. I think it’s assigned automatically due to the gateway 192.168.1.1 if connected directly to the modem. I have one computer on many devices so I am 192.168.0.2.

Also need to raise the 10.0.0.2 ending higher if you have more devices connected, 1 per number; this is done in LAN settings.

192.168.0.2 for me is admin internet status. 10.0.0.2 is set in LAN settings; there you change it.

Remember the router login IP will change to 10.0.0.2. This LAN setting is 10.0.0.2 for me and WAN is your 192.168.1.2. Just make sure it ends in .02. Under source you do this.

Also the router will have to be plugged into the first slot or DHCP will change the IP constantly.

Look on the next page also; I forget a lot.

Also look at the next page.

If behind two routers DHCP will assign a new IP, then the first slot has to be used.

Wireless has to open ports by the number of devices you plan on using for best lockdown, or make it more. Also a good router except for the firewall.

Last post wrong. Go to LAN devices at the end of the page to see what IPs are there with all devices hooked up; see what range is best. Think all should be there, ethernet also. There is a lot to do; these are all general guidelines. Phones and things like that, not sure unless listed in the devices page. Seems to work for me, or I’m way off base. Trying to help because it took me a long time to do this.