This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Router - TG582N - Firewall and Port Forwarding: Difference between revisions

Add IPv6 firewall instructions
=== Really disabling the firewall ===
 
From a customer: While going mad with a [[TG582N|tg582n]] tonight, I discovered they try to do stateful firewalling even when the firewall is disabled in the web interface. This breaks where you want to fail over to 3G. I guess it would also break if you had 2 ADSL lines.
 
Completely disabling the firewall seems to be necessary to allow [[IPv6]] connections from the WAN side to the network: even when the IPv4 firewall is 'off', [[IPv6]] still seems to be firewalled.
 
To fix, put in CLI:
 
You can then go to the web interface and RTP will be in the drop down 'service' list.
 
===Configure the Firewall for IPv6===
Instead of shutting down the firewall completely, you can configure it to allow access to specific services on specific hosts. It works just like the IPv4 firewall, but the WebUI has the firewall mixed up with port forwarding, so all of this has to be done with the Telnet CLI.
 
First, identify or define a firewall service:

 expr list type=serv
 expr add name=plex type=serv proto=tcp dstport=32400

Identify your host (or netblock):

 expr add name=myserv_v6 type=ip addr=2001:db8::dead:beef
 expr add name=allhosts_v6 type=ip addr=2001:db8::/64

Add the new rule to the forward_custom chain:

 firewall rule add chain=forward_custom srcintf=wan dstip=myserv_v6 serv=plex action=accept
 firewall rule add chain=forward_custom srcintf=wan dstip=allhosts_v6 serv=ssh action=accept

Show the rules:

 firewall rule list chain=forward_custom

Remove a rule:

 firewall rule delete chain=forward_custom index=1
 
(Thanks to the links above and extensive use of the router's built-in 'help' facility.)
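
When several hosts and services need opening, the steps above can be generated from a short plan so that address typos and over-broad netblocks are caught before anything is pasted into the Telnet CLI. This is an added example, not part of the original page or the router's tooling; the function names, the /64 minimum prefix, the name character set, the <code>predefined</code> list and <code>proto=udp</code> are assumptions.

```python
import ipaddress
import re

NAME = re.compile(r"[A-Za-z0-9_]+")  # conservative name charset (assumption)

def ip_expr(name, addr, min_prefix=64):
    """'expr add ... type=ip' line for one IPv6 host or netblock."""
    if not NAME.fullmatch(name):
        raise ValueError(f"bad expression name: {name!r}")
    # strict=True rejects typos such as 2001:db8::1/64 (host bits set)
    net = ipaddress.ip_network(addr, strict=True)
    if net.version != 6:
        raise ValueError(f"{addr} is not IPv6")
    if net.prefixlen < min_prefix:
        raise ValueError(f"{addr} is wider than /{min_prefix}")
    shown = net.network_address if net.prefixlen == 128 else net
    return f"expr add name={name} type=ip addr={str(shown)}"

def serv_expr(name, proto, port):
    """'expr add ... type=serv' line; udp is assumed to work like tcp."""
    if not NAME.fullmatch(name) or proto not in ("tcp", "udp"):
        raise ValueError(f"bad service: {name!r}/{proto!r}")
    if not 1 <= port <= 65535:
        raise ValueError(f"bad port: {port}")
    return f"expr add name={name} type=serv proto={proto} dstport={port}"

def build(hosts, services, allow, predefined=("ssh",)):
    """Return CLI lines: expressions first, then one accept rule per pair."""
    lines = [ip_expr(n, a) for n, a in hosts.items()]
    lines += [serv_expr(n, p, d) for n, (p, d) in services.items()]
    for host, serv in allow:
        if host not in hosts:
            raise ValueError(f"rule uses undefined host {host!r}")
        if serv not in services and serv not in predefined:
            raise ValueError(f"rule uses undefined service {serv!r}")
        lines.append("firewall rule add chain=forward_custom srcintf=wan "
                     f"dstip={host} serv={serv} action=accept")
    lines.append("firewall rule list chain=forward_custom")
    return lines

if __name__ == "__main__":
    # Constructed plan using the page's documentation-prefix addresses
    print("\n".join(build(
        hosts={"myserv_v6": "2001:db8::dead:beef",
               "allhosts_v6": "2001:db8::/64"},
        services={"plex": ("tcp", 32400)},
        allow=[("myserv_v6", "plex"), ("allhosts_v6", "ssh")])))
```

Fill <code>predefined</code> with the service names that <code>expr list type=serv</code> reports on your router, so that a rule cannot reference a service that does not exist.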
 
= Web Browsing Interception =
= Problems connecting to PPTP Servers =
 
One customer has reported problems connecting to PPTP VPN servers in either direction through a [[TG582N|tg582n]] with the 8.4.7.0 firmware.
 
Technicolor have stated that this may be due to the Application Layer Gateway system intercepting PPTP packets even when the firewall is disabled, that this is a deliberate feature, and that the feature can be disabled by entering the following commands in the CLI:
However, the same customer has reported that this solution has not actually fixed the problem, and that the PPTP entry is still visible when running the "connection applist" command even after the unbind command has been successfully run.
 
(Another customer has been able to reproduce the issue, being unable to connect to swissvpn.net etc., but it does work using the alternative OpenWRT [[ADSL Router|ADSL router]] instead.)
 
After further testing with the help of Technicolor engineers we do have an actual fix for the PPTP problem.
 
==Other pages regarding this router:==
<ncl style=bullet maxdepth=5 headings=bullet headstart=2 showcats=1 showarts=1 showfirst=1>Category:Router [[TG582N]]</ncl>
 
 