
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Router - TG582N - Firewall and Port Forwarding: Difference between revisions

m (clean up, typos fixed: adminitrator → administrator, eg → e.g. (2))
 
= Firewall & Security Related=
Certain aspects of the firewall can be configured from the web interface, but not all (e.g. adding a new 'service' needs to be done from Telnet). There is some information in the Firewall PDF document:
*[[File:Technicolor CPE Firewall.pdf]]
 
*Other information can be found on this 3rd party page: http://phil.tinsleyviaduct.com/tg582nfirewall.html
 
===Creating Custom Firewall 'Service'===
The firewall is fairly flexible, but when creating a rule you have to select the 'service' from a drop-down list. There are some examples already included, e.g. telnet, smtp, but in order to create your own 'service' you need to use the telnet CLI first. Here is an example to add an RTP service, which describes UDP traffic on port 1024 through to 65535:
expr add name=RTP type=serv proto=udp dstport=1024 dstportend=65535
 
 
===Configure the Firewall for IPv6===
Instead of shutting down the firewall completely, you can configure it to allow access to specific services on specific hosts. It actually works just like the IPv4 firewall, but the WebUI has the firewall mixed up with port-forwarding. So all of this has to be done with the Telnet CLI.
 
First, identify or define a firewall service:
 
 
=Restrict access to HTTP interface by IP:=
You may prefer to just restrict access to the router by IP. Note that this applies to the LAN and WAN, so you'll need to add your LAN addresses too.
 
saveall
 
=Restrict access to TELNET interface by IP: =
'''Add your LAN block first, as otherwise you'll be locked out!'''
 
Here are notes on how to restrict access to the router's web and telnet interfaces, by either disabling access from the WAN (Internet) altogether, or by restricting access by IP address. These settings are made live as soon as they are entered, so be careful not to lock yourself out!
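
A pre-flight check for the lock-out risk described above, as an added example (not from the original page and not part of the router's own tooling): it compares a planned allow-list against the sources that must keep access, since the IP restriction applies to both LAN and WAN. The function name is hypothetical and all addresses are constructed samples.

```python
import ipaddress


def uncovered_sources(allow_list, must_reach):
    """Return the entries of must_reach NOT fully covered by allow_list.

    allow_list: addresses/CIDR blocks you plan to permit on the router's
                HTTP or telnet interface.
    must_reach: addresses/blocks that must keep access (your LAN block,
                the host you are connected from, a remote admin address).
    """
    nets = [ipaddress.ip_network(a, strict=False) for a in allow_list]
    # Merge adjacent/overlapping entries per IP version, so that e.g. two
    # /25 entries are recognised as covering a whole /24 LAN.
    allowed = []
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        allowed.extend(ipaddress.collapse_addresses(same))

    missing = []
    for src in must_reach:
        net = ipaddress.ip_network(src, strict=False)
        # Compare only within the same IP version; subnet_of() raises
        # TypeError when the versions are mixed.
        covered = any(
            net.version == a.version and net.subnet_of(a) for a in allowed
        )
        if not covered:
            missing.append(src)
    return missing


if __name__ == "__main__":
    # Constructed sample: a remote admin host is allowed, the LAN is forgotten.
    planned = ["203.0.113.10"]
    needed = ["192.168.1.0/24", "203.0.113.10"]
    for src in uncovered_sources(planned, needed):
        print(f"WARNING: {src} would be locked out; add it before applying")
```

Run it with the allow-list you are about to enter; an empty result means every source you listed as required is still covered.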
 
=Disable WAN access to HTTP/Telnet:=
This will disable WAN access to the router's administrator services.
 
To disable WAN access to HTTP, HTTPS and telnet:
After that inbound and outbound PPTP should be working again.
 
PPTP & NAT? - We've seen problems when the client is behind NAT, and the ALG/NAT on the router not passing GRE through (or something) - on a Microsoft 2003 PPTP server, the client was getting timeout Error 721. The solution was to route a block of IPs for the LAN...
 
==Other pages regarding this router:==
<ncl style=bullet maxdepth=5 headings=bullet headstart=2 showcats=1 showarts=1 showfirst=1>Category:Router [[TG582N]]</ncl>
 