Page 1 of 2 12 LastLast
Results 1 to 15 of 27

Thread: WAN to LAN Filter Problems

  1. #1

    Unhappy WAN to LAN Filter Problems

    Hello,

    i am using Firmware 1.9.27 (original) and i have some problems at the point of creating some WAN to LAN Filter.

    My Settings:
    Enable WAN to LAN Filter?: YES
    Date to Enable WAN to LAN Filter:: All days
    Time of Day to Enable WAN to LAN Filter: All Time

    Packets(WAN to LAN) not specified will be: DROP
    Filtered ICMP(WAN to LAN) packet types: BLANK

    WAN to LAN Filter Table:
    SourceIP - PortRange - DestinationIP - PortRange - Protocol
    *.*.*.* - 110 - *.*.*.* - 110 - TCP ALL
    *.*.*.* - 25 - *.*.*.* - 25 - TCP ALL
    *.*.*.* - 443 - *.*.*.* - 443 - TCP ALL
    *.*.*.* - 20:21 - 192.168.100.1 - 25 - TCP ALL
    *.*.*.* - 4661:4665 - 192.168.100.1 - 4661:4665 - TCP ALL
    *.*.*.* - 4672 - 192.168.100.1 - 4672 - UDP
    *.*.*.* - 80 - *.*.*.* - 80 - TCP ALL

    If i press APPLY and RESTART after that i cant open any URL! Server is not reachable! I cant also get any mails through port 110 and 25!

    I think the setting are correct!

    Oh i forgot!
    Enable LAN to WAN Filter?: NO!

    And some virtuell Server i have entered:
    PortRange - LocalIP - Local Port - Protocol - ProtocolNo. - Description
    110 - 192.168.100.3 - BLANK - BOTH - BLANK - blablabla
    110 - 192.168.100.4 - BLANK - BOTH - BLANK - blablabla
    25 - 192.168.100.3 - BLANK - BOTH - BLANK - blablabla
    25 - 192.168.100.4 - BLANK - BOTH - BLANK - blablabla
    20:21 - 192.168.100.1 - BLANK - BOTH - BLANK - blablabla
    4661:4665 - 192.168.100.1 - BLANK - TCP - BLANK - blablabla
    4672 - 192.168.100.1 - BLANK - UDP - BLANK - blablabla


    What is wrong at my settings that nothing will work after enable WAN to LAN Filter?
    Many Thx for helping me with this problem!

    Shawn

  2. #2
    Join Date
    Nov 2004
    Location
    Posts
    380
    if you read
    http://wl500g.info/showthread.php?t=1344 & another Thread dedicate
    Firewall setting.

    you can obtain secret knowledge that this stupid WLAN 2 LAN 2 WLAN filtration does'nt work in any combination.
    Forget about this thing
    sorry for my bad language

  3. #3
    Join Date
    Dec 2003
    Location
    Russian Federation
    Posts
    8,356
    Quote Originally Posted by Shawn
    WAN to LAN Filter Table:
    SourceIP - PortRange - DestinationIP - PortRange - Protocol
    *.*.*.* - 110 - *.*.*.* - 110 - TCP ALL
    *.*.*.* - 25 - *.*.*.* - 25 - TCP ALL
    *.*.*.* - 443 - *.*.*.* - 443 - TCP ALL
    *.*.*.* - 20:21 - 192.168.100.1 - 25 - TCP ALL
    *.*.*.* - 4661:4665 - 192.168.100.1 - 4661:4665 - TCP ALL
    *.*.*.* - 4672 - 192.168.100.1 - 4672 - UDP
    *.*.*.* - 80 - *.*.*.* - 80 - TCP ALL
    You do not need to specify Destination port like this, leave it blank.

  4. #4
    What a shity router?
    Whats that!
    There is a point to select some definitions and it doesnt work!

    I cant believe!

    Would this solve my problem i have read in the other thread!

    iptables -I FORWARD -p 47 -j ACCEPT

    If the answer is "YES" how can i get the hidden admin side?

    Many ThX!

    Shawn

  5. #5
    Join Date
    Dec 2004
    Location
    the netherlands
    Posts
    155
    Quote Originally Posted by Shawn
    What a shity router?
    Whats that!
    There is a point to select some definitions and it doesnt work!

    I cant believe!

    Would this solve my problem i have read in the other thread!

    iptables -I FORWARD -p 47 -j ACCEPT

    If the answer is "YES" how can i get the hidden admin side?

    Many ThX!

    Shawn
    Huh?

    What dit Oleg just said?

    Oleg said leave destination portranges empty.
    so the only thing you put in your wan to lan filter is the originating port you want to allow and whether it is a TCP or UDP port.

    And this device is not a shity router just because you filled in something that makes no sence.

    just my 2 cts.

  6. #6
    Sorry i didnt told that i tried to leave the fields blank!
    Result.....: NOT WORKING!

    So i am a little bit frustrated about this!

    Shawn

    I tried several entries.

    1. BLANK - 80 - 192.168.100.* - 80 - TCP ALL
    2. BLANK - 80 - BLANK - 80 - TCP ALL
    Last edited by Shawn; 28-12-2004 at 14:43.

  7. #7
    Join Date
    Dec 2003
    Location
    Russian Federation
    Posts
    8,356
    Flash 1.9.2.7-2, it should work fine with no WAN to LAN rules.

  8. #8
    Join Date
    Apr 2004
    Location
    Netherlands
    Posts
    1,308
    Quote Originally Posted by Shawn
    What a shity router?
    Your opinion
    Whats that!
    There is a point to select some definitions and it doesnt work!
    Yes, Asus is a consumer product, hence it has flaws, but mostly: "The source of the problem lies between the computer screen and the chair".
    I cant believe!

    Would this solve my problem i have read in the other thread!

    iptables -I FORWARD -p 47 -j ACCEPT

    If the answer is "YES" how can i get the hidden admin side?

    Many ThX!
    That might be the problem, seach this forum for hidden admin page and you will find a link.

    Thanks for your patience

  9. #9
    @Oleg

    But i want to have WAN 2 LAN Rulez!

    I dont want to change the firmware and working without WAN 2 LAN Rulez!
    Have you any other idea??

    Many ThX!

    I try to search for hidden admin page!

    Shawn

    OK Hidden Admin Page found!! THX! Sorry i have to use "SEARCH" Button!
    But i have entered the Sentences and nothing happend!

    Result: NOT WORKING!
    Last edited by Shawn; 28-12-2004 at 15:25.

  10. #10
    Join Date
    Dec 2004
    Location
    the netherlands
    Posts
    155
    Quote Originally Posted by Shawn
    Sorry i didnt told that i tried to leave the fields blank!
    Result.....: NOT WORKING!

    So i am a little bit frustrated about this!

    Shawn

    I tried several entries.

    1. BLANK - 80 - 192.168.100.* - 80 - TCP ALL
    2. BLANK - 80 - BLANK - 80 - TCP ALL
    hmmz. Howcome I still see originating ports and destination ports filled in here then?

    try something like this:

    1. BLANK - 80 - 192.168.100.* - BLANK - TCP ALL
    2. BLANK - 80 - BLANK - BLANK - TCP ALL[/QUOTE]

    the first line however will only allow port 80 from 192.168.100.*. If this is a filter from wan to lan, it doesn't make sense unless yr asus is hooked up to another router that is in the 192.168.100.* range.

    second line allows port 80 to go through originating from any host. Makes more sence.

    For wan to lan filters, you only specify what source ip or port you want to allow, the destination isn't specified.

  11. #11
    OK That sounds plausible!

    I try it!

    Many Thx!

    Shawn

  12. #12
    Sorry didnt worked!

    I tried these....

    BLANK - 80 - BLANK - BLANK - TCP ALL

    And that was the result in System Log!

    Dec 28 04:19:49 filter: TCP connection denied to xx.xx.xx.xx:445 from xx.xx.xx.x:1702
    Dec 28 04:19:50 filter: UDP connection denied to 192.168.100.1:4672 from xx.xxx.xxx.xxx:5672
    Dec 28 04:20:05 filter: TCP connection denied to xx.xx.xx.xxx:135 from xx.xx.xx.xxx:1563

    Why these Ports?

  13. #13
    Join Date
    Dec 2003
    Location
    Russian Federation
    Posts
    8,356
    Do you've LAN to WAN filter enabled? If so, disable it before testing WAN to LAN. Once WAN to LAN stuff starts working you can try LAN to WAN.

  14. #14
    @Oleg.

    No i have disabled LAN 2 WAN Filter!
    I tried only WAN 2 LAN and this problem is big enough!

    Shawn

  15. #15
    Join Date
    Dec 2004
    Location
    the netherlands
    Posts
    155
    Quote Originally Posted by Shawn
    Sorry didnt worked!

    I tried these....

    BLANK - 80 - BLANK - BLANK - TCP ALL

    And that was the result in System Log!

    Dec 28 04:19:49 filter: TCP connection denied to xx.xx.xx.xx:445 from xx.xx.xx.x:1702
    Dec 28 04:19:50 filter: UDP connection denied to 192.168.100.1:4672 from xx.xxx.xxx.xxx:5672
    Dec 28 04:20:05 filter: TCP connection denied to xx.xx.xx.xxx:135 from xx.xx.xx.xxx:1563

    Why these Ports?
    I assume you put the wan 2 lan filter on drop if not on list? then everything that is not on the list will be blocked. So if you only allow port 80 to go through everything else will get blocked. Your firewall works!

    And like Oleg said, first try wan 2 lan and then if you want the lan 2 wan filters

Page 1 of 2 12 LastLast

Similar Threads

  1. WAN & LAN Filter
    By FF1987 in forum Dutch Discussion - Nederlands
    Replies: 2
    Last Post: 08-08-2005, 21:35
  2. How to get URL filter to work
    By andimue in forum WL-500g Q&A
    Replies: 3
    Last Post: 14-04-2005, 09:33
  3. Virtual DMZ and WAN to LAN filter
    By Derfel in forum WL-500g Q&A
    Replies: 6
    Last Post: 05-12-2004, 11:25
  4. WAN/LAN filter problems
    By psylockex in forum WL-500g Q&A
    Replies: 0
    Last Post: 23-08-2004, 20:46
  5. NAT or filter & DWL-G520 with AES
    By skuggan| in forum WL-500g Q&A
    Replies: 1
    Last Post: 06-08-2004, 16:45

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •