Geekzone: technology news, blogs, forums
Tom_Rush (208 posts, Master Geek)
#91514 14-Oct-2011 16:01

I'm using a Telecom NZ Thomson TG585 V8 ADSL2 modem.

My modem is double NAT'd onto a router running Tomato firmware.

On the Telecom NZ Thomson TG585 V8 I'd like to block subnetted networks (10.0.0.0/24) on the ADSL2 (WAN) interface, for example:

211.136.0.0/13

When I attempt to block... let's say a Vodafone network, as a test, it remains accessible via the TG585.

The following event log shows a connection to a www server which is enabled via port forwarding, but which I was attempting to block on a given network/mask:

FIREWALL rule : Protocol: TCP Src ip: 202.nnn.nnn.nnn Src port: 16110 Dst ip: 10.nnn.nnn.nnn Dst port: 80 Chain: forward_host_service Rule Id: 8 Action: accept

I'm not sure if ANY tunneling takes priority over any other rules and thus becomes null when attempting to block inbound public networks by network address/subnet.

I did have a quick look at the command line firewall config, within the modem, but not being familiar with it off hand, I thought I'd ask first.

I have enabled a custom GUI firewall security profile and added the following, but it does nothing on blocking a given network:



Also, it doesn't appear to accept network masking.

Like it's not the end of the world, but I would like to say no to those 'very friendly' Chinese visitors at the front door, without them tunneling through the network to be refused on internal LAN server/routers.

I know I could buy a feature-rich ADSL2 modem/firewall, but I thought if I can get the Thomson to do it, well, that'd be just peaches.

Any thoughts?

Tom_Rush (208 posts, Master Geek)
#538194 27-Oct-2011 15:32

Wow, aren't I the popular one, sitting in a corner talking to myself.

But to answer my own question, yerp, it's doable.

The Thomson TG585v8 has an extensive firewall CLI interface able to block networks and/or TCP ports, etc.

It's not for the faint-hearted and definitely not accessible via the GUI.

Insanity is only one 'rule add chain' away.... you're not in Kansas now.

Ragnor (8091 posts, Uber Geek, Trusted)
#538444 28-Oct-2011 01:19

Why do you want to block a network range?

Behind NAT, one of your devices must have sent outgoing communication to an IP address in that range in order for it to be in the NAT state table and for return data coming back from that address to be let in anyway.
Tom_Rush (208 posts, Master Geek)
#538700 28-Oct-2011 13:20

Probably 'cause I've enabled HTTP (port 80).

I could just use another port, but I'm just too slack, and after a few days I started seeing the odd port 80 connection here and there from countries I can't even spell.

It's blocked further down the path at the web server, but dude, they're inside mincing about and I don't like it, I don't like it.

Anyway, took a few hours, but one can create an IP network/mask expression list of the good guys (New Zealanders) and then apply it to the HTTP port as an "if not this network, then drop and log" rule.

As it's an inbound HTTP port check, it shouldn't be fired on established connections, and not too much overhead.

And besides, someone went to a lot of trouble to write this firmware/OS code, so it only seems polite to learn a bit about it and use it. Even if you really have no real reason to be using it.
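The allow-list check Tom_Rush describes, as an added Python example that is not part of the thread and is not the Thomson CLI (whose syntax the thread never shows): it parses lines in the TG585 "FIREWALL rule" event-log format quoted in the first post, applies an "if the source is not in an allowed network, drop" decision to inbound hits on the forwarded HTTP port only (other ports are left to the NAT state table, as Ragnor notes), and reports where the modem's logged action differs from what that rule should have done. The allow-list networks, the source addresses (RFC 5737 documentation ranges) and the log lines are constructed for this example; they are not New Zealand allocations.

```python
import ipaddress
import re

# Hypothetical allow-list standing in for the "good guys" expression list in
# the thread. Constructed from RFC 5737 documentation ranges, not real NZ ranges.
ALLOWED_SOURCES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# Only ports that are port-forwarded to the LAN are reachable from the WAN at
# all; the thread's case is HTTP on 80. The rule guards just those ports.
GUARDED_PORTS = {80}

# Field layout of the TG585 "FIREWALL rule" event-log line quoted in the thread.
LOG_RE = re.compile(
    r"Protocol: (?P<proto>\w+) Src ip: (?P<src>[\d.]+) Src port: (?P<sport>\d+) "
    r"Dst ip: (?P<dst>[\d.]+) Dst port: (?P<dport>\d+) "
    r"Chain: (?P<chain>\S+) Rule Id: (?P<rule>\d+) Action: (?P<action>\w+)"
)


def parse_line(line):
    """Return the fields of one firewall log line as a dict, or None if the
    line is not a firewall rule hit."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    for key in ("sport", "dport", "rule"):
        fields[key] = int(fields[key])
    return fields


def source_allowed(src, allowlist=ALLOWED_SOURCES):
    """True if the source address falls inside any allow-listed network."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in allowlist)


def expected_action(src, dport, allowlist=ALLOWED_SOURCES, guarded=GUARDED_PORTS):
    """What the 'if not this network then drop and log' rule should do to a new
    inbound connection. Ports outside the guarded set are not the rule's
    business and pass through unchanged."""
    if dport not in guarded:
        return "accept"
    return "accept" if source_allowed(src, allowlist) else "drop"


def audit(log_text, allowlist=ALLOWED_SOURCES):
    """Compare what the modem logged against what the allow-list rule should
    have done. Returns one (src, dport, logged, expected) tuple per rule hit."""
    results = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        results.append(
            (f["src"], f["dport"], f["action"], expected_action(f["src"], f["dport"], allowlist))
        )
    return results


def mismatches(log_text, allowlist=ALLOWED_SOURCES):
    """Only the hits where the logged action differs from the rule's verdict."""
    return [r for r in audit(log_text, allowlist) if r[2] != r[3]]


# Constructed sample log in the TG585 format, using documentation addresses.
SAMPLE_LOG = """\
FIREWALL rule : Protocol: TCP Src ip: 203.0.113.77 Src port: 16110 Dst ip: 10.0.0.5 Dst port: 80 Chain: forward_host_service Rule Id: 8 Action: accept
FIREWALL rule : Protocol: TCP Src ip: 192.0.2.44 Src port: 51234 Dst ip: 10.0.0.5 Dst port: 80 Chain: forward_host_service Rule Id: 8 Action: accept
FIREWALL rule : Protocol: TCP Src ip: 198.51.100.200 Src port: 40001 Dst ip: 10.0.0.5 Dst port: 80 Chain: forward_host_service Rule Id: 8 Action: accept
FIREWALL rule : Protocol: TCP Src ip: 192.0.2.44 Src port: 51235 Dst ip: 10.0.0.5 Dst port: 22 Chain: forward_host_service Rule Id: 9 Action: accept
some other event line that is not a firewall rule hit
"""

if __name__ == "__main__":
    for src, dport, logged, expected in audit(SAMPLE_LOG):
        flag = "" if logged == expected else "  <-- rule would have dropped this"
        print(f"{src:>16} -> :{dport:<5} logged={logged:<6} expected={expected}{flag}")
```

Running it flags the two port-80 hits from outside the allow-list (note that 198.51.100.200 is outside the /25 even though it shares the /24) and leaves the port-22 hit alone, which is the "only check the inbound HTTP port" behaviour the post describes.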