Firewall Setup - Orcon White Genius Router (NetComm Wireless NF4V)

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › Firewall Setup - Orcon White Genius Router (NetComm Wireless NF4V)

WildQwerty

10 posts

Wannabe Geek

#181317 10-Oct-2015 15:16

I'm trying to set up the firewall on my router, but boy its a complicated little monster. I'm pretty comfortable working on the router, but I'm not a network engineer. Can anyone point me in the right direction on how to configure the firewall. I want to create a custom firewall rule to block google's DNS servers recently the netflix app on my android devices has been a little flakey about connecting.

chevrolux

4962 posts

Uber Geek
+1 received by user: 2638
Inactive user

#1403531 10-Oct-2015 15:37

No need to muck around with the firewall. Simplest option is to create a static route.

On the NF4V you just specify the ip address and subnet (you want 8.8.8.8/32 & 8.8.4.4/32), the tell it to go to the LAN interface (rather than the PPP interface) and put in a random IP address for the gateway - just needs to be in your LAN range otherwise the stupid router doesn't like it.

SSkinny

5 posts

Wannabe Geek

#1440915 5-Dec-2015 10:43

Any luck with the static routes? They work for my chrome cast but they stop my android netflix apps playing locally as (from what i have read) they require the ip 8.8.8.8 accessible. So can either watch region free on my android devices or on my chrome casts but not both. I have been trying to get a fire wall rule working but, like you, i am no network engineer. It always allows the ping test through.

I'm on a fibre connection.

I have applied static ips to my androids, chrome casts, and my main pc by mac address. Added a firewall and set two rules for my pc as this is the easiest for me to test if a rule works or not, i think ... could be wrong.

Any suggestions?

WildQwerty

10 posts

Wannabe Geek

#1440917 5-Dec-2015 10:50

The Netflix app only works some of the times, its a real pain. It used to work perfectly, now I pretty much have to use my PC with the chromecast extension to watch netflix on TV.

jamesrt

1663 posts

Uber Geek
+1 received by user: 941

ID Verified

Trusted

Lifetime subscriber

#1440930 5-Dec-2015 11:43

I have previously shared my quite nicely working setup in another thread:

http://www.geekzone.co.nz/forums.asp?forumid=151&topicid=179390

SSkinny

5 posts

Wannabe Geek

#1441044 5-Dec-2015 16:00

Hey jamesrt, that was helpful. I'm not sure if you fully understood the problem though. I still needed my androids to be able to access 8.8.8.8 and 8.8.4.4.

Here's what i ended up with:

192.168.20.201 and 202 are my chromecasts with static ips assigned. It appears that the mask was my issue. 255.255.255.255 was the key instead of my subnet mask of 255.255.255.0.

To test it i...
Turned off the orcon white and the fibre box,
turned off the wifi on my xperia z2 and nexus 7,
deleted the data for netflix on both of androids,
Turned on the orcon white and the fibre box,
turned on the wifi on the androids,
opened netflix and signed in (on the xperia it failed to sign in first go, but i just hit retry (or whatever the button is!),
played locally then cast to each chrome cast in turn which each android.

jamesrt

1663 posts

Uber Geek
+1 received by user: 941

ID Verified

Trusted

Lifetime subscriber

#1441055 5-Dec-2015 16:53

SSkinny: I'm not sure if you fully understood the problem though. I still needed my androids to be able to access 8.8.8.8 and 8.8.4.4.

Sorry; skim-read the question and didn't notice that detail.

SSkinny: It appears that the mask was my issue. 255.255.255.255 was the key instead of my subnet mask of 255.255.255.0.

Yeah, if you're trying to blacklist a remote host, you need 255.255.255.255 as the mask, as that indicates a single host; rather that a "subnet" of hosts (which is what 255.255.255.0 indicates).

Geekzone

Want to support Geekzone and browse the site without the ads? Subscribe to Geekzone now (monthly, annual and lifetime options).

SSkinny

5 posts

Wannabe Geek

#1441058 5-Dec-2015 17:03

Cheers again James, you solved my issues and enlightened me a bit more.

WildQwerty

10 posts

Wannabe Geek

#1441249 6-Dec-2015 09:04

Does this mean I can remove all the static routes that I were using instead?

jamesrt

1663 posts

Uber Geek
+1 received by user: 941

ID Verified

Trusted

Lifetime subscriber

#1441259 6-Dec-2015 09:48

WildQwerty: Does this mean I can remove all the static routes that I were using instead?

If you're using a FW rule to block the traffic, then you shouldn't need static routes as well.

I don't have any static routes set in my router; only the firewall rules I showed in the link above. I use "DNS4ME", and all devices in the house (mixture of iPhone, Mac, Windows, Android, plus a Chromecast) work fine, and give me the content as indicated by my DNS4ME region.

SSkinny

5 posts

Wannabe Geek

#1441264 6-Dec-2015 09:52

I have no static routes set. Just the firewall rules. Just ensure you have a static ip assigned to the chromecasts so the rules will always work.

SSkinny

5 posts

Wannabe Geek

#1449582 13-Dec-2015 10:49

Any luck wild?