NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
how do I whitelist IP addresses on the R7500v2?
I'm having issues using a plugin for Claude called Claude Code. I'm getting ECONNRESET. In my router logs I see
[DoS Attack: ACK Scan] from source: 44.215.74.30, port 443
[DoS Attack: ACK Scan] from source: 52.39.32.173, port 443
[DoS Attack: ACK Scan] from source: 35.186.224.46, port 443
and the solution is to whitelist those IP addresses, I'm told. But I've been all over the settings and I don't see any place to actually whitelist those IPs. I could also enable Disable Port Scan and DoS Protection but this seems like a hammer when a scalpel will do.
https://kb.netgear.com/23289/How-do-I-configure-Access-Control-or-MAC-Filtering-on-my-NETGEAR-router-using-the-router-web-interface -- this is about which devices are allowed to connect to the router, so that's not it.
I do see Advanced / Security / Block Sites, but I need the opposite of that.
Weird that there's no tag for R7500.
It looks like my ISP (Centurylink) was blocking Claude Code. I used a VPN and now it works.
9 Replies
Netgear consumer routers do not provide a feature to whitelist IP addresses. The default condition is to not accept connections from the internet unless the user has specifically set up Port Forwarding. When that is done, a connection attempt is passed through the router to the IP address specified in the Port Forwarding definition.
Those entries in the log are from a process that Netgear has running to observe connection attempts. When the process observes a sequence of attempts that fit a known pattern, an entry is made in the log. These entries say that three IP addresses made enough attempts to connect to the router web server using https (port 443) that they could be considered a Denial of Service (DoS) attack.
Unless Claude Code includes a web server, there is no obvious relationship between these log messages and the ECONNRESET error message. (Internet search turns up LOTS of posts about this error message, especially for the MacOS platform.) Whitelisting three random IP addresses is not the solution.
Weird that there's no tag for R7500.
more like annoying. probably a low level, almost clerical task to go through the entire list of Netgear products and ensure that every one of them appears in the "tag database".
I talked to Anthropic (who owns those IPs) and they said
> When a user's applications make requests to Anthropic's API, they initiate an outbound connection to our servers. The IP addresses they see (44.215.74.30, 52.39.32.173, 35.186.224.46) are our response servers sending data back to them - this is standard client-server communication.Which makes sense. So why would Netgear see that traffic as a DOS Attack in the logs?
I can't edit that. They also said:
>Anthropic never initiates inbound connections to customer networks. All communication flows outbound from their network to our endpoints, with responses coming back through the same established connection.
>Your router's DoS protection is incorrectly flagging these legitimate API responses as threats.
Yeah when you put it like that it is definitely odd. This is beta software so it's most likely a bug.
> probably a low level, almost clerical task to go through the entire list of Netgear products and ensure that every one of them appears in the "tag database".
the kind of thing an intern should do -- I'm sure they have a database that has a list of product familiesMost likely not added due to the this model router and others are EoL.
It looks like my ISP (Centurylink) was blocking Claude Code. I used a VPN and now it works.
You might be thinking "call your ISP and get them to fix that"... the tech support with this ISP is so laughably bad it would take me half an hour to find someone who can even understand the issue.
