Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Ceram]

Is it possible to add the functionality of bandwith limiting based on Mac adresses? I want to limit kids bandwith use olso combined with a scedule.

[Sam]

+1

Simple bandwidth control on port/level ip level/mac

ie. 192.168.0.1 is limited to 1Mbps
ie. port 1352 can use max 25% of available WAN bandwitdh.

[EddieZ]

Requested:

1.        IPv6 support (firmware, all revisions)

2.        NAT Port Mapping Protocol

[tiagomiguel]

That it works . lol

[twk3]

Stealth port 113 instead of just reporting it as open or closed. (Or did I miss a setting?)

[EddieZ]

Stealth is a greater security risk then a closed port... Closed port: "darn, it says it cannot be openend", stealth: "hey, live IP but no respons...stealth, let's have a look at that."

[twk3]

Yes... but reporting as open is an even bigger security risk. Which is what it is being reported as at the moment. The latest versions of things like dd-wrt now stealth this port, setting it up so only an IP with an active session with a node behind the router can use it. I would say that is better than reporting it as open.

[EddieZ]

Yes... but reporting as open is an even bigger security risk. Which is what it is being reported as at the moment. The latest versions of things like dd-wrt now stealth this port, setting it up so only an IP with an active session with a node behind the router can use it. I would say that is better than reporting it as open.

Open door 

[twk3]

yeah... I have 113 forwarded >_< which is why it is open... I would just rather it be stealthed like the rest of my forwarded ports.

[EddieZ]

Here's where you will find the reason why the port isn't stealthed (and probably will never be on a router): http://www.grc.com/port_113.htm

[funchords]

yeah... I have 113 forwarded >_< which is why it is open... I would just rather it be stealthed like the rest of my forwarded ports.

That doesn't make sense.  If you've forwarded the port, then the router is going to pass the packet through.  It's not responsible for a response. 

What does the DIR-655 do when it's not forwarded? 

It's an old trick, but if the DIR-655 is doing something you don't like, and you want a port to behave as stealthed, then forward it to a completely unused IP address in your LAN.  Incoming packets will simply go to that black hole.

[funchords]

When possible, translate outgoing ICMP 3 responses and send them through the LAN. 

[twk3]

If I don't forward, the port is returned as being closed (the only port that returns anything but stealthed). If I forward, the port is returned as being open.

UPDATE: The latest firmware update for the Linksys family of NAT routers has added an adaptive IDENT stealthing feature (though it is not enabled by default). So the Linksys routers will give you the best of both worlds. Bravo Linksys!

We tested the newest dd-wrt firmware about couple days ago on a different router, it also stealths it.

I am required to use identd, that is why I have this port forwarded.

I realize you can't just stealth the port, you have to do an adaptive stealth. ZoneAlarm, linksys and dd-wrt all have managed to do it.

[funchords]

If I don't forward, the port is returned as being closed (the only port that returns anything but stealthed). If I forward, the port is returned as being open.

Thanks! I wasn't aware of that.

[dommysangiu]

1) In VIRTUAL SERVER - PORT FORWARDING - NETWORK FILTER display the computer name next to the MAC/IP ADDRESS

2) when the MAC FILTER is ON create a selectable list of the MAC ADDRESS that  want to access the netwok but don't have the permission

Thanks.