Reply

Block inbound traffic.

DerekVM
Novice

Block inbound traffic.

Can the WNDR be configured to block only a specific IP (or range of IP’s) from accessing a port if the port is open via port forwarding?

If not does Netgear offering a solution for allowing inbound traffic to a specific port, while simultaneously blocking traffic from know bad IP’s?

I see a lot of these entries in the log:
[LAN access from remote] from 58.218.199.250:1496 to 192.168.x.y:pppp, Wednesday, Jun 13,2012 09:56:59

I want to allow traffic inbound on port pppp to the specified IP 192.168.x.y, but not from this IP (or IP's in a similar range).

Can the WNDR4500 alone do this or do I need additional hardware?
Message 1 of 19
jmizoguchi
Virtuoso

Re: Block inbound traffic.

if option was there under inbound rules you can add WAN IP.

it's common that option to enter WAN IP is not there for home end routers. Prosafe router does
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 2 of 19
DerekVM
Novice

Re: Block inbound traffic.

jmizoguchi wrote:
if option was there under inbound rules you can add WAN IP.

it's common that option to enter WAN IP is not there for home end routers. Prosafe router does


No option available for WAN under Inbound rules.

Am I correct in interpreting this as WNDR4500 does not offer this functionality, but ProSafe router would? Any model or just any Prosafe router?


I also have a GS108T, which is Prosafe, but not between router and outside world. The switch is for some LAN traffic, but not all LAN traffic goes through this switch.
Message 3 of 19
jmizoguchi
Virtuoso

Re: Block inbound traffic.

any newest prosafe has it's options

you can look 4500 manual but don't think it has it. I don't own one so can give you hard fact on this
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 4 of 19
DerekVM
Novice

Re: Block inbound traffic.

Opted for the FVS318. Looks like it has better control over traffic access.
Message 5 of 19
jmizoguchi
Virtuoso

Re: Block inbound traffic.

Fvs318N is good choice
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 6 of 19
DerekVM
Novice

Re: Block inbound traffic.

Already have the WNDR4500 so no need for another wireless source. I assume the FVS318 has similar capabilities, minus the wireless N and gigabit ethernet.

I wish I had a gigabit solution, but considering my FiOS ONT is 10/100 I think this will be OK for WAN access. LAN traffic will go through the WNDR4500 or the GS108T, both of which are 10/100/1000.

Best price I could find on the FVS318G was 3x the FVS318 I have acquired. Until my FiOS is upgraded to gigabit I thought I'd save some money.
Message 7 of 19
jmizoguchi
Virtuoso

Re: Block inbound traffic.

don't buy FVS318 (OLD) or FVG318.

I think FVS318N are the better unit to go or buy FVS336G if you do not need wifi
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 8 of 19
Rhyalus
Apprentice

Re: Block inbound traffic.

Advanced > Security > Block Services

You can define the protocol (TCP/UDP) starting and end ports, for specific IP addresses or for a range.

Does anyone here actually OWN this router and the manual? Why am I the only who can find these things?

R
Message 9 of 19
jmizoguchi
Virtuoso

Re: Block inbound traffic.

use wants to specify the WAN IP so it limits the inbound connection in port forwarding
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 10 of 19
DerekVM
Novice

Re: Block inbound traffic.

Rhyalus wrote:
Advanced > Security > Block Services

You can define the protocol (TCP/UDP) starting and end ports, for specific IP addresses or for a range.

Does anyone here actually OWN this router and the manual? Why am I the only who can find these things?

R


Good guess, but that is outbound traffic only. I'm pretty sure this is in manual as well 😉
Message 11 of 19
DerekVM
Novice

Re: Block inbound traffic.

Tried the FVS318v3 on my FiOS 35/35 network. Updated to latest firmware, v3.0.28.

Internet traffic slowed to a crawl. Speed tests went from ~30-39/~35-40 to 7/7. Changed the WAN connection back to WNDR4500 and WAN speed returned to normal.

Functionality was as expected and met my requirements. Rules/Services allowed me to more tightly control access to the LAN from outside even when "port forwarding" was enabled.

Throughput performance was weak and a deal breaker.

I guess I'll try the FVS336G as suggested...
Message 12 of 19
jmizoguchi
Virtuoso

Re: Block inbound traffic.

fvs318 is design to be 11Mbps max.
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 13 of 19
DerekVM
Novice

Re: Block inbound traffic.

I see on http://www.smallnetbuilder.com/lanwan/router-charts/view

that the FVS336G is bench-marking at 59.2 WAN->LAN. Better that the FVS318 (7.0) but not as fast as the WNDR4500 (767.7). Is that going to be a problem on FiOS 35/35?

I see the Cisco RV220W clocks in at 720.0. I'm tempted to try it out; FVS336G will be here tomorrow.
Message 14 of 19
jmizoguchi
Virtuoso

Re: Block inbound traffic.

It's all about WAN -LAN thoughtful value that you prefer

59.2Mbos or higher

You need to look at growth of ISP
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 15 of 19
DerekVM
Novice

Re: Block inbound traffic.

What's the relation between WAN-LAN throughput and rated line speed? Ive searched the intrawebs but only find the benchmarking site mentioned above.

Specifically i'm wondering what the maximum line speed a given WAN-LAN throughput can support. Obviously 7 or 11 is not enough for 35/35. What is the minimum WAN-LAN throughput for a 35/35 FiOS line
Message 16 of 19
jmizoguchi
Virtuoso

Re: Block inbound traffic.

What is the minimum WAN-LAN throughput for a 35/35 FiOS line


?????

if fiber is 35Mbps (unto that speed) then as long as router can handle the WAN-LAN throughput then it will be fine
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 17 of 19
DerekVM
Novice

Re: Block inbound traffic.

Received the 336G; the device was great! Firewall controls were granular, throughput was ample to handle my 35/35 line. Interface was intuitive and snappy.

I confirmed that port forwarding was working for my open ports, but specific IP address ranges (from china) were blocked. Mission accomplished!

It communicated perfectly with my WNDR4500, WNR854T, WPN824V2 & GS108T devices. It was exactly what I was looking for in a firewall.


Then later that evening I received an email from Verizon about their new FiOS internet offerings. I upgraded my internet to 75/35. The 336G became a bottleneck at the WAN; speeds were limited to 38-40 down and 33-35 up.

So I’m back on the hunt for a firewall comparable to the 336G but with WAN-LAN throughput that can handle a FiOS 75/35 line.

Cisco RV220W seems nice for the money. Netgear have anything that competes in the price range < $250?
Message 18 of 19
jmizoguchi
Virtuoso

Re: Block inbound traffic.

srxn model and/or go UTM series (prosecure.netgear.com)
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 19 of 19
Discussion stats
  • 18 replies
  • 6978 views
  • 0 kudos
  • 3 in conversation
Announcements

Orbi WiFi 6E