D-LINK DSL-604+ 4 Port Wireless
Router
Tips Tricks and Configuration.

I must say, the first D-LINK DSL 604+ Wireless Four Port Router I bought did not run very well at all. I had to have it replaced after a couple of weeks, after it was a complete nightmare to make visible on my Network, and then it just stopped responding altogether. This was quite obviously a firmware instability issue. It did have the first release of firmware on it, which appears to be rather unstable. The latest version of firmware can be downloaded here:
http://www.dlink.com.au/tech/drivers/files/routers/dsl604+.htm
It is much more stable and seems to keep the D-LINK DSL-604+ Four Port Wireless Router running fairly smoothly. There is, however, an issue of intermittent freezing of the Router due to Proxy DNS issues. This can be corrected by rebooting the Router, or, to prevent it recurring again and again, follow this procedure:

Intermittent freezing of the 604+ Router.

1. Log in to your Router's Administration Web Interface.
2. Click on the Proxy DNS under the Configuration Menu.
3. Record the DNS Address you have in the Primary DNS and/or Secondary DNS window/s.
4. Disable the Proxy DNS by selecting disable in the dropdown box and click OK.
5. The Restart window appears with "Save changes and reboot system now" already selected. Check "Continue and do 'Save Changes' later", then click OK.
6. Click on the "DHCP Configuration on LAN" and type into the Primary DNS and/or Secondary DNS window/s the DNS addresses you recorded in step three.
7. When this is done you then need to save settings by clicking OK, and this time, when the Restart window appears, you need "Save changes and reboot system now". The system will restart and you are done.

Now you have got your D-LINK DSL 604+ Router running and stable. I am sure at this point you have the Internet already configured. On to the next interesting D-LINK DSL 604+ Configuration: the Firewall.

D-LINK DSL 604+ FIREWALL Configuration.

I believe ALL Firewalls should
have ALL Ports switched off.
This way Ports can be enabled
individually. The following step-through will only briefly cover a few of the most common ports, e.g.: DNS, Browsing, and Email. A list of Ports can be viewed at:
http://www.iana.org/assignments/port-numbers
If you are wondering, "IANA" stands for "Internet Assigned Numbers Authority".
If you are new to all this Port and Firewall stuff, this is your perfect chance to get your feet wet. Readers with more experience might like to skip the next two paragraphs. You will learn this very quickly if you keep in the back of your mind that Computers communicate in exactly the same way you and I do: in the form of Request - Response. You might be thinking "What? This does not make sense". Let me explain. Let's say you are one Computer and I am another. We are about to get some communication going between us. We would normally use "English" to communicate, but since we are computers we are going to use what the Internet and all computers connected to the Internet use: "TCP/IP". TCP/IP is the most commonly used Protocol Suite, or if you like, Language. There are others like IPX/SPX, NetBEUI, AppleTalk... but they are not needed for this tutorial. Computers would normally use a Network Cable or Telephone line as a means of connectivity. In our case we are going to be on the Phone to each other. Now this is where Request - Response comes into the equation. We are on the Phone. You need a file that I have. In the form of a Request you ask me if I can give you a file you need. I Respond back to you with the file you need, hence Request - Response. This is very basically explained but gives the idea.
Firewalls work on the Data, in the form of packets, being delivered (Input to your computer) and the Data Sent Out from your computer in order to protect your computer, and this is the Request - Response we were discussing earlier. A Port is the way the communication is relayed. Computer Programs listen on different Ports; for example, Outlook Express will listen on Port 110 for SMTP Outgoing mail and Port 25 for Incoming mail. This is a Request - Response for each Port, 110 and 25.

In the "Advanced Filtering & Firewall" section of your Router's Administration Web Interface the Router's Firewall will most likely be disabled, depending on your firmware version. At this point I like to Enable it and also Block All if the Rule is not matched; this way you can test the rule after applying it to make sure it gives the desired result. Let's create a Rule. This Rule will enable DNS (UDP Port 53) Inbound Traffic to your computer:

DNS Listens on UDP Port 53, which is part of the TCP/IP Protocol Suite. The Source IP and Subnet mask is left at 0.0.0.0/0. This means Any and All Source IPs and Subnets. Start and End Ports should be 53 as we are only listening on one Port. Finally, the Destination is the LAN or Local Area Network. We don't need to specify any Port numbers here as this is Incoming Traffic to the network. Next we need to Enable DNS Outgoing Traffic:

This is exactly the reverse of the DNS Inbound at Index 1. DNS Listens on UDP Port 53, which is part of the TCP/IP Protocol Suite. The Source IP and Subnet mask is 192.168.0.0/24, that of our Network. We don't need to specify any Port numbers here as this is Outgoing Traffic from the Network. Finally, the Destination is Any and All Destination DNS IPs and Subnets we may use, e.g.: Your ISP's DNS Address. Start and End Ports should be 53 as we are only listening on one Port. Next we will Enable HTTP Port 80 Outgoing Traffic. This will enable you to browse the Internet.
HTTP Listens on TCP Port 80
which is part of the TCP/IP
Protocol Suite. The Source IP
and Subnet mask is that of your
Internal Network. This means all
your Network IP Addresses can
Browse. Start and End Ports
don't need to be defined here as
the traffic is Outbound. Finally
the Destination is "Any and All"
web sites we want to browse
being 0.0.0.0/0. Port number
here is 80 as this is the
Outbound Traffic to the Network.
At this point you can probably see a pattern starting to emerge. You also might be thinking "The firewall is protecting the Internal Network but what about the Router itself?" Good question. As long as the "Remote Administration Access" is OFF this is completely safe to your Router and Internal Network.
If you should need the "Remote Administration Access" Feature ON, use the normal "Extremely difficult to guess" scheme: letters and numbers, with no words, and have it at least 8 characters long. This way you should be fairly safe.
Now to finish off the HTTP Port 80 enabling we need to enable the Port 80 Inbound Traffic:
HTTP Listens on TCP Port 80, which is part of the TCP/IP Protocol Suite. The Source IP and Subnet mask is left at 0.0.0.0/0. This means Any and All Source IPs and Subnets. Start and End Ports should be 80 as we are only listening to one Port. Finally, the Destination is the LAN or Local Area Network. We don't need to specify any Port numbers here as this is Incoming Traffic to the network.
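
The four rules described so far, modelled as a first-match filter with Block All as the fallback and run over sample packets. This is an added example, not part of the original tutorial or the Router's firmware; the Rule, Packet and decide names and the stateless first-match behaviour are assumptions, and the sample packets are constructed.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass

ANY, LAN = "0.0.0.0/0", "192.168.0.0/24"   # LAN subnet as used in the tutorial
ALL_PORTS = (0, 65535)                      # "no Port numbers specified"
Packet = namedtuple("Packet", "proto src sport dst dport")

@dataclass
class Rule:
    name: str
    proto: str
    src: str                    # source network (CIDR)
    dst: str                    # destination network (CIDR)
    sport: tuple = ALL_PORTS    # (start, end) source ports
    dport: tuple = ALL_PORTS    # (start, end) destination ports
    def matches(self, p):
        return (p.proto == self.proto
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.sport[0] <= p.sport <= self.sport[1]
                and self.dport[0] <= p.dport <= self.dport[1])

# Requests go TO the service port, so the outbound rules fix the destination
# port; replies come FROM it, so the inbound rules fix the source port.
RULES = [
    Rule("DNS in",   "udp", ANY, LAN, sport=(53, 53)),
    Rule("DNS out",  "udp", LAN, ANY, dport=(53, 53)),
    Rule("HTTP out", "tcp", LAN, ANY, dport=(80, 80)),
    Rule("HTTP in",  "tcp", ANY, LAN, sport=(80, 80)),
]

def decide(packet, rules=RULES):
    """First matching rule allows the packet; anything unmatched is blocked."""
    for rule in rules:
        if rule.matches(packet):
            return ("ALLOW", rule.name)
    return ("BLOCK", "default")

# Constructed sample packets; external addresses are documentation ranges.
SAMPLES = [
    Packet("udp", "192.168.0.10", 40000, "203.0.113.53", 53),   # DNS query
    Packet("udp", "203.0.113.53", 53, "192.168.0.10", 40000),   # DNS reply
    Packet("tcp", "192.168.0.10", 41000, "198.51.100.7", 80),   # web request
    Packet("tcp", "192.168.0.10", 41001, "198.51.100.7", 443),  # HTTPS: no rule yet
    Packet("tcp", "198.51.100.9", 51000, "192.168.0.10", 23),   # unsolicited inbound
]

if __name__ == "__main__":
    print(*(f"{p} -> {decide(p)}" for p in SAMPLES), sep="\n")
```

In this model the inbound rules leave the destination ports unspecified, so they match on source port alone; a stateful firewall would instead tie each reply to an outstanding request.
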
This is a very straightforward set of Rules I have put together:
You can see I next enabled the access of Browsing Secure web sites, HTTPS Port 443. MSN Messenger also uses Port 443 as well as Port 1863 for communications. It is common for different Computer Programs to listen on the one port, so be careful what you enable. Email Ports 25 and 110 were next enabled. You will most likely be wondering why I enabled ICMP traffic. This is for the Internal Network and out to the Internet, which you may not need, and if not, leaving it off will result in better security. If this is not enabled you won't be able to ping, tracert, nbtstat, netstat and any other programs you may be using. Some of these tools may be needed for your Network or if you are monitoring your Web Site or something of the like. All up you get 64 Rules; in the above we have set up 14, so you can see this way of setting up the firewall is going to be much better than trying to individually block all the baddies from your Computer.
Enabling ICMP like the above does not have anything to do with the ICMP Echo packets from the Internet side of the Router, which we want to stop. The D-LINK DSL 604+ Wireless Four Port Router at this point does not appear to be able to disable the ICMP Echo packets on the Internet side of your Firewall. Disabling them would stop anyone pinging your IP Address; this is where I think the biggest security flaw is in the firewall.
This is where many forms of Attacks or Hacks start. If someone has or can easily get your IP Address they could perform DoS (Denial of Service) attacks. Ping of Death, Smurf, Trinoo, Tribe Flood Network, and Stacheldraht all fall in this category and I am sure many others are out there. This is also a Big factor in Internet connection performance. Many people that have Blocked, Redirected or Dropped ICMP Echo packets seem to comment that their Internet is faster and overall performance is better.

Port Redirection.

This is also another important factor. To enable the best performing "Port Redirection" method follow these steps. Enable "UPnP" if it is not already. If "UPnP" Enabled was not already selected you may have to save settings and restart your Router. UPnP stands for Universal Plug and Play. This is fantastic technology and is very quickly changing the way things work together. Now let's go back to the "Port Redirection" Menu.
Make sure "Port Redirection" is also enabled. Save settings and restart your Router if needed. When your Router has restarted, browse the web a little, then go back to the "Port Redirection" Menu and you should see a table with entries in it made from "UPnP". Above the table you will see "The entries in gray color are mapped by UPnP." As a result of following this procedure you have "Stealthed" your Ports. Effectively you are not visible on the Internet and a hacker's Port Probes will fail.
That's the Firewall and Port security in a nutshell. To test your configuration, this web site is fantastic for letting you know how you did:
https://grc.com/x/ne.dll?bh0bkyd2
Remember you will get a failure
message: Ping Reply: RECEIVED
(FAILED) — Your system REPLIED
to our Ping (ICMP Echo) request.
This is a result of not being
able to block the ICMP Echo
packet we discussed earlier.
After your efforts a good thing
to do is back up your work. The
"Configuration
Maintenance"
menu will enable you to save
your work to a file that you can
back up from if in the future
you need to restore to factory
defaults.
That's your back up done.