A Windows XP help forum. PCbanter


Westell 7500 Modem/Router's Firewall



 
 
#1  December 12th 17, 02:34 PM, posted to microsoft.public.windowsxp.general
No_Name (external usenet poster, Posts: 326)

Hi,

I have Verizon DSL with a Westell 7500 modem/router.

For email, I use Forte's "Agent" 7.2 client (similar to Outlook, etc.). It
uses SSL connection. Since I use gmail, I had to configure my
incoming & outgoing ports to 995 for incoming and 465 for outgoing.

I am using WinXP and its Firewall is active.

MODEM'S FIREWALL:

In the Modem's Firewall setting, I have to use "Minimum" in
order to be able to send and receive email. Note: The other
Firewall settings in the modem are "Maximum", "Typical/Medium",
and "None".

Could I add (create) a "Port Forwarding" in this modem and change
the modem's Firewall to "Typical/Medium"?

If that would work, do you know how I should set the parameters?

Thank You in advance, John

#2  December 12th 17, 03:56 PM, posted to microsoft.public.windowsxp.general
Paul[_32_] (external usenet poster, Posts: 11,873)


The Westell 7500 receives a tip of the hat and a goring here.

https://www.cnet.com/news/verizon-ds...ing-explained/

NAT would normally offer some protection against incoming connections.
There are several flavors of NAT, and my less-than-complete understanding
is, that an outgoing connection on 12345, allows a matching incoming
connection on 12345 back to that particular PC. The connections
can be stateful, so even if a random packet to port 12345 comes
back, the sequence number in the packet can cause the packet to
be rejected. This allows protocols to be designed to work with
NAT, when a user at home, wants to reach a serving device (email
server).

On outgoing connections, OS firewalls are the best equipped to see
"unknown_executable.exe" attempting to make a connection
over "outgoing port 12345". And so blockage at that level, is
semi-intelligent. What can the Westell do, sitting at a distance
from the computers, to intelligently enforce outgoing ports ?
For example, it had better allow outgoing 80 from your machine's
three browsers, so they can all work. That means both good and
bad programs can go out through port 80, at the Westell level.

Port Forwards are normally used, for bypassing NAT on incoming
connections. If you run an FTP server on your PC, to serve files
to the Internet, maybe you need to allow incoming 21 to be Port
Forwarded to 192.168.0.3 or something. It's when you run
servers, that bypassing NAT helps. Since the packets coming
in to that port are in a sense, not expected, that's what
the Port Forward helps with.

A guy here, with some knowledge of networking, spent 2+ weeks
trying to beat some sense into the 7500. I would expect he
has a flat spot on his forehead, from banging his head
against the computer screen. He eventually figured out how
to bridge one of his two modems, and use a router downstream
of it, which had understandable controls.

http://www.dslreports.com/forum/r211...-multiple-IP-s

*******

One of the boxes I have here, the router has manual rules ("IPtables"?)
for setting things up. It takes five command line style things
per "rule" inserted into the device (probably over telnet). The
user manual was not on the ISP site or anything, but I eventually
tracked down a PDF file specifically doing nothing but firewall
rules. It might have been on the order of 150 pages of text.

It was at that point, I placed the device in bridged mode,
and used my four port "consumer router" with decent web
GUI instead. I would still be using that setup today,
except for the need to have VOIP for phone service, and then
I had to start the setup zoo all over again. Currently the
VOIP box is my router (and a crummy router it is...). But for
routing purposes, it just barely has enough horsepower for the
ADSL2 plan I'm using. If I switched to a higher VDSL2 plan,
I'd need to start my network design all over again (put
VOIP box "off to the side", which could cause phone quality
issues - if I put the VOIP box off to the side, and Windows 10
opened 20 connections to do downloads, my phone call could
tear up and/or drop). Putting the VOIP box in charge of
the network, was so its tiny processor could prioritize
phone calls, even if Windows 10 attacks the router portion
with its silly practices.

Networking is hell, that's for sure.

So the message is, yes, you can spend 2+ weeks doing experiments
with the Westell 7500. Or you can punt, and solve the problem
with money :-) My typical solution here then, is to place
the modem/router that connects to the RJ-11 into bridged
mode, and use a router downstream from that, with a web GUI
that is comprehend-able. Doing things like this, may
affect the "maintenance strategy" of the ISP, as apparently
the Westell has remote configuration capability (and probably
can do its own firmware updates too).

I'm sure that if you spent enough time data-mining dslreports,
you could find some info to help. For example, Googling

site:dslreports.com westell 7500

and see what sage advice you can find. If these ISP toys
insist on being black boxes, that even the Support Staff
don't understand, you're not going to make progress
all that quickly. Even if it had a decent manual, it
would help you make decisions and form strategies for
managing your ISP connection. With no docs at all,
and relying on Script Readers at the ISP, you're not
going to get anywhere fast.

There are just two kinds of designs. When a modem/router
hardware company designs a modem/router for Verizon, they
strip the visible feature set to the absolute minimum, and
use the three-level password scheme (to "keep customers from
messing around"). Whereas a product designed for the
consumer space, the manufacturer realizes that Newegg
reviews could rip them in terms of successful marketing,
so they'd better do a consumer-friendly job (all the
controls are exposed).

When doing bridged setups, you still need a few lines of
info from the ISP. Like VCI:VPI 0:35 to be entered into
the appropriate box (which is an ATM terminology used
with PPPOA protocol). Even if you find a page in the
7500 interface for bridging, you're going to need
that minimal set of info to finish the job. Once
a modem is bridged, you can test by plugging the
PC directly into the four port switch on the back
of the 7500. Windows has PPPOE or PPPOA support, but
you'd still need to enter a Verizon account name and
password into the PC screen, to complete the
authentication into the Verizon ADSL.

You *have* to get this **** working, in order to
keep up with the Googles of the world, and their
choices of Ports for protocols. The Westell 7500
could have opened ports from another time, the ports
used for unencrypted transport of popular protocols.
Whereas you need the encrypted port numbers opened.
And there's no guarantee, even if you turn the
Westell 7500 outgoing firewall off, that the
firewall is transparent.

There is Port Forwarding on incoming, to bypass NAT.

But a firewall implemented in the router section,
can have incoming or outgoing rules as well, rules
which may not be documented. If you could find
a 150 page manual with documentation on telnet into
the modem to change the IP tables, that may influence
the outgoing problems. Each Firewall outgoing "level"
setting, will have its own canned IPTables blob to load.

Paul
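
Added example (not part of Paul's post or of the thread): a toy Python model of the behaviour described above, showing that a port forward only affects unsolicited incoming packets, while a mail client reaching ports 995 and 465 depends on the outbound rule set. The per-level rule sets, the addresses, and the `extra_outbound` setting are constructed assumptions; the page does not document what the Westell 7500's firewall levels actually allow.

```python
from dataclasses import dataclass, field

# Constructed rule sets (assumption): the page does not document what each
# Westell firewall level really permits. None means "no outbound filtering".
OUTBOUND_ALLOW = {
    "Minimum": None,
    "Typical/Medium": {25, 53, 80, 110, 443},  # assumed: older plaintext mail ports only
}

@dataclass
class Router:
    level: str = "Minimum"
    forwards: dict = field(default_factory=dict)      # wan_port -> (lan_ip, lan_port)
    extra_outbound: set = field(default_factory=set)  # user-added outbound allow rules
    flows: set = field(default_factory=set)           # state table of tracked connections

    def outbound(self, lan_ip, src_port, dst_ip, dst_port):
        allowed = OUTBOUND_ALLOW[self.level]
        if allowed is not None and dst_port not in allowed | self.extra_outbound:
            return "DROP (outbound rule)"
        # Port-preserving NAT assumed: remember who opened the flow.
        self.flows.add((dst_ip, dst_port, src_port, lan_ip))
        return "PASS"

    def inbound(self, src_ip, src_port, wan_port):
        for dst_ip, dst_port, sport, lan_ip in self.flows:
            if (src_ip, src_port, wan_port) == (dst_ip, dst_port, sport):
                return f"PASS to {lan_ip}:{sport} (reply to tracked flow)"
        if wan_port in self.forwards:                  # unsolicited, but forwarded
            ip, port = self.forwards[wan_port]
            return f"PASS to {ip}:{port} (port forward)"
        return "DROP (unsolicited)"

def mail_check(level, forwards=None, extra_outbound=()):
    """Can a LAN mail client reach POP3S (995) and SMTPS (465)?"""
    r = Router(level, dict(forwards or {}), set(extra_outbound))
    return {p: r.outbound("192.168.0.3", 50000 + p, "203.0.113.10", p) for p in (995, 465)}

if __name__ == "__main__":
    pc = "192.168.0.3"
    print(mail_check("Minimum"))
    print(mail_check("Typical/Medium"))
    print(mail_check("Typical/Medium", forwards={995: (pc, 995), 465: (pc, 465)}))
    print(mail_check("Typical/Medium", extra_outbound={995, 465}))
    r = Router("Minimum", {21: (pc, 21)})
    print(r.inbound("198.51.100.7", 40000, 12345))   # no flow, no forward
    print(r.inbound("198.51.100.7", 40000, 21))      # forwarded to the FTP server
```

In this model, adding forwards for 995 and 465 leaves the mail client blocked at the stricter level; only an outbound allow rule changes the result.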
#3  December 13th 17, 02:57 PM, posted to microsoft.public.windowsxp.general
No_Name (external usenet poster, Posts: 326)

SNIP
The Westell 7500 receives a tip of the hat and a goring here.

https://www.cnet.com/news/verizon-ds...ing-explained/

Hi Paul,

I saved the page via the link you provided above. It is VERY
INFORMATIVE.

I only have ONE PC connected to Modem. I don't have a FTP
server on my PC.

Regarding networking, there is a lot I need to learn.

Thank You Very Much, John



 










All times are GMT +1.

