NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

rhazelwood2015's avatar
rhazelwood2015
Aspirant
Jan 19, 2017
Solved

Blocking WAN -> LAN Traffic

According to previous posts, the NightHawk Router should already be blocking WAN -> LAN access but it isn't. I have a IP SIP phone on my internal network that is constantly getting hit with request o...
Firmware
Security
  • JamesGL's avatar
    JamesGL
    Jan 24, 2017

    Hi rhazelwood2015,

     

    1. What is the model number of your router?

    2. What is the firmware version? Make sure it is updated.

    3. Reset the router after the update and reconfigure(If firmware is not updated).

    4. Block port 5060 under block services.

rhazelwood2015's avatar
rhazelwood2015
Aspirant
Feb 24, 2017

Sorry for the late reply, I just began ignoring the issue but at this point starting today I have someone consistentely slamming my phone. I almost want to throw my router out the window....There is NO REASON why outside access should be getting to my internal IP

 

I have the lastest firmware installed.

My router is the Nighthawk R7000

And I cannot block port 5060 because that is the port that is required for SIP. It disables my phone from working period.

 

[LAN access from remote] from 80.82.77.5:22140 to 192.168.1.6:5060, Friday, Feb 24,2017 09:02:37
[LAN access from remote] from 62.210.250.141:44347 to 192.168.1.6:5060, Friday, Feb 24,2017 08:57:47

 

Any help will be great

 

schumaku's avatar
schumaku
Guru - Experienced User
Feb 24, 2017

Can't help much - just put the facts on the table again:

 

1. Service blocking is to prohibit connections established from the (W)LAN to the WAN. Online Genie help is very clear on this.

2. Year 2017, and there is still no UI control to configre WAN to (W)LAN firewall rules in any Netgear Genie router (!!!)

rhazelwood2015 wrote:

Sorry for the late reply, I just began ignoring the issue but at this point starting today I have someone consistentely slamming my phone. I almost want to throw my router out the window....There is NO REASON why outside access should be getting to my internal IP

When it comes to SIP, arfaid, you might be wrong. Unless you dont wan't to be called (plus some more...), fully blocking the SIP port for WAN->LAN is not a choice. Assuming all your VoIP traffic is handeld by a single or larger scale IPPBX resp. it's gateway(s), and no direct peer-to-peer calls are allowed, you could limit the WAN->LAN for the SIP port(s) to the known IPPBX/IPPBX gateway IP addresses. But now you - no, many of us - are hit by the #2 above.

 

JamesGL I'm glad to offer basic networking training to Netgear - there are a lot of processes and almost 20+ year router specs carried forward to be changed for the 21st Century.

 

Regards,

-Kurt