#1
Westell 7500 Modem/Router's Firewall
Hi,
I have Verizon DSL with a Westell 7500 modem/router. For email, I use Forte's "Agent" 7.2 client (similar to Outlook, etc.). It uses SSL connection. Since I use gmail, I had to configure my incoming & outgoing ports to 995 for incoming and 465 for outgoing. I am using WinXP and its Firewall is active.

MODEM'S FIREWALL: In the Modem's Firewall setting, I have to use "Minimum" in order to be able to send and receive email. Note: The other Firewall settings in the modem are "Maximum", "Typical/Medium", and "None".

Could I add (create) a "Port Forwarding" in this modem and change the modem's Firewall to "Typical/Medium"? If that would work, do you know how I should set the parameters?

Thank You in advance,
John
#2
Westell 7500 Modem/Router's Firewall
wrote:
> Hi, I have Verizon DSL with a Westell 7500 modem/router. For email, I use Forte's "Agent" 7.2 client (similar to Outlook, etc.). It uses SSL connection. Since I use gmail, I had to configure my incoming & outgoing ports to 995 for incoming and 465 for outgoing. I am using WinXP and its Firewall is active.
>
> MODEM'S FIREWALL: In the Modem's Firewall setting, I have to use "Minimum" in order to be able to send and receive email. Note: The other Firewall settings in the modem are "Maximum", "Typical/Medium", and "None".
>
> Could I add (create) a "Port Forwarding" in this modem and change the modem's Firewall to "Typical/Medium"? If that would work, do you know how I should set the parameters?
>
> Thank You in advance, John

The Westell 7500 receives a tip of the hat and a goring here.

https://www.cnet.com/news/verizon-ds...ing-explained/

NAT would normally offer some protection against incoming connections. There are several flavors of NAT, and my less-than-complete understanding is, that an outgoing connection on 12345, allows a matching incoming connection on 12345 back to that particular PC. The connections can be stateful, so even if a random packet to port 12345 comes back, the sequence number in the packet can cause the packet to be rejected. This allows protocols to be designed to work with NAT, when a user at home, wants to reach a serving device (email server).

On outgoing connections, OS firewalls are the best equipped to see "unknown_executable.exe" attempting to make a connection over "outgoing port 12345". And so blockage at that level, is semi-intelligent. What can the Westell do, sitting at a distance from the computers, to intelligently enforce outgoing ports? For example, it had better allow outgoing 80 from your machine's three browsers, so they can all work. That means both good and bad programs can go out through port 80, at the Westell level.

Port Forwards are normally used, for bypassing NAT on incoming connections. If you run an FTP server on your PC, to serve files to the Internet, maybe you need to allow incoming 21 to be Port Forwarded to 192.168.0.3 or something. It's when you run servers, that bypassing NAT helps. Since the packets coming in to that port are in a sense, not expected, that's what the Port Forward helps with.

A guy here, with some knowledge of networking, spent 2+ weeks trying to beat some sense into the 7500. I would expect he has a flat spot on his forehead, from banging his head against the computer screen. He eventually figured out how to bridge one of his two modems, and use a router downstream of it, which had understandable controls.

http://www.dslreports.com/forum/r211...-multiple-IP-s

*******

One of the boxes I have here, the router has manual rules ("IPtables"?) for setting things up. It takes five command line style things per "rule" inserted into the device (probably over telnet). The user manual was not on the ISP site or anything, but I eventually tracked down a PDF file specifically doing nothing but firewall rules. It might have been on the order of 150 pages of text. It was at that point, I placed the device in bridged mode, and used my four port "consumer router" with decent web GUI instead.

I would still be using that setup today, except for the need to have VOIP for phone service, and then I had to start the setup zoo all over again. Currently the VOIP box is my router (and a crummy router it is...). But for routing purposes, it just barely has enough horsepower for the ADSL2 plan I'm using. If I switched to a higher VDSL2 plan, I'd need to start my network design all over again (put VOIP box "off to the side", which could cause phone quality issues - if I put the VOIP box off to the side, and Windows 10 opened 20 connections to do downloads, my phone call could tear up and/or drop). Putting the VOIP box in charge of the network, was so its tiny processor could prioritize phone calls, even if Windows 10 attacks the router portion with its silly practices. Networking is hell, that's for sure.

So the message is, yes, you can spend 2+ weeks doing experiments with the Westell 7500. Or you can punt, and solve the problem with money :-) My typical solution here then, is to place the modem/router that connects to the RJ-11 into bridged mode, and use a router downstream from that, with a web GUI that is comprehend-able. Doing things like this, may affect the "maintenance strategy" of the ISP, as apparently the Westell has remote configuration capability (and probably can do its own firmware updates too).

I'm sure that if you spent enough time data-mining dslreports, you could find some info to help. For example, Googling

site:dslreports.com westell 7500

and see what sage advice you can find.

If these ISP toys insist on being black boxes, that even the Support Staff don't understand, you're not going to make progress all that quickly. Even if it had a decent manual, it would help you make decisions and form strategies for managing your ISP connection. With no docx at all, and relying on Script Readers at the ISP, you're not going to get anywhere fast.

There are just two kinds of designs. When a modem/router hardware company designs a modem/router for Verizon, they strip the visible feature set to the absolute minimum, and use the three-level password scheme (to "keep customers from messing around"). Whereas a product designed for the consumer space, the manufacturer realizes that Newegg reviews could rip them in terms of successful marketing, so they'd better do a consumer-friendly job (all the controls are exposed).

When doing bridged setups, you still need a few lines of info from the ISP. Like VCI:VPI 0:35 to be entered into the appropriate box (which is an ATM terminology used with PPPOA protocol). Even if you find a page in the 7500 interface for bridging, you're going to need that minimal set of info to finish the job. Once a modem is bridged, you can test by plugging the PC directly into the four port switch on the back of the 7500. Windows has PPPOE or PPPOA support, but you'd still need to enter a Verizon account name and password into the PC screen, to complete the authentication into the Verizon ADSL.

You *have* to get this **** working, in order to keep up with the Googles of the world, and their choices of Ports for protocols. The Westell 7500 could have opened ports from another time, the ports used for unencrypted transport of popular protocols. Whereas you need the encrypted port numbers opened.

And there's no guarantee, even if you turn the Westell 7500 outgoing firewall off, that the firewall is transparent. There is Port Forwarding on incoming, to bypass NAT. But a firewall implemented in the router section, can have incoming or outgoing rules as well, rules which may not be documented. If you could find a 150 page manual with documentation on telnet into the modem to change the IP tables, that may influence the outgoing problems. Each Firewall outgoing "level" setting, will have its own canned IPTables blob to load.

Paul
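A toy model of the behaviour discussed in the post above, added here as an illustration and not written by anyone in the thread: outbound connections create NAT state that admits only the matching reply, a port forward affects inbound packets only, and an outbound port filter is a separate check. The `Router` class, the port sets in `OUTBOUND_LEVELS`, and all addresses are hypothetical; the Westell 7500's actual rules are not documented on this page, and the model assumes a NAT flavour that matches replies on remote address and port.

```python
from dataclasses import dataclass, field

# Hypothetical outbound policies per firewall level; the 7500's real rules
# are undocumented, so these port sets are constructed for illustration.
OUTBOUND_LEVELS = {
    "Minimum": None,                           # None = no outbound port filter
    "Typical/Medium": {25, 53, 80, 110, 443},  # older, mostly cleartext ports
}

@dataclass
class Router:
    level: str = "Minimum"
    forwards: dict = field(default_factory=dict)   # wan_port -> (lan_ip, lan_port)
    conntrack: dict = field(default_factory=dict)  # state created by outbound traffic
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host connects out; return the WAN source port, or None if filtered."""
        allowed = OUTBOUND_LEVELS[self.level]
        if allowed is not None and remote_port not in allowed:
            return None
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.conntrack[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """Packet hits the WAN side; return the LAN destination, or None if dropped."""
        tracked = self.conntrack.get((wan_port, remote_ip, remote_port))
        # Replies to tracked connections pass; anything else needs a port forward.
        return tracked or self.forwards.get(wan_port)

def demo():
    pc, mail = "192.168.1.2", "203.0.113.10"    # constructed addresses
    r = Router(level="Typical/Medium")
    r.forwards[995] = (pc, 995)                 # forward applies to inbound only
    blocked = r.outbound(pc, 50001, mail, 995)  # outbound filter still refuses it
    r.level = "Minimum"
    wan_port = r.outbound(pc, 50001, mail, 995)
    reply = r.inbound(mail, 995, wan_port)      # matches tracked state
    stray = r.inbound("203.0.113.99", 995, wan_port)  # unknown sender, no forward
    return blocked, reply, stray

if __name__ == "__main__":
    print(demo())
```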
#3
Westell 7500 Modem/Router's Firewall
SNIP
> The Westell 7500 receives a tip of the hat and a goring here.
> https://www.cnet.com/news/verizon-ds...ing-explained/

Hi Paul,

I saved the page via the link you provided above. It is VERY INFORMATIVE. I only have ONE PC connected to Modem. I don't have a FTP server on my PC. Regarding networking, there is a lot I need to learn.

Thank You Very Much,
John