Thanks for the reply. My excuse for the late reply, I was abroad. Currently wrestling with linux.... I will let you know if I get it to work.
DHCP is not supported at the moment for the WAN port in PPPoE mode; you need to statically assign the address (in fact this could be added).
In my setup there is an ADSL modem which has the address 192.168.0.1. I've assigned 192.168.0.254 to my wl500g WAN port. Also, I've configured a static route on the modem to route everything for 192.168.1.0/24 addresses via 192.168.0.254 (wl500g). And this is working just fine (but there is no firewall between the physical WAN & LAN ports).
So in your case you could probably do the same thing, except you should specify the route to the 192.168.1.0/24 network on all of your LAN 145... devices or just add this route to the default router's routing table, and it will answer with ICMP error codes for the correct route to anyone. But you need to establish the firewall between eth1 and br0 on the wl500g using bootCmds (but this is really tricky - the wl500g tends to clear the forward chain during ppp line changes, but if you have Linux experience you will notice the /var/tmp/pppoe_rule[0-2] files, which could be filled with your rules via bootCmd). You could also do the simpler thing: just add NAT between br0 and eth1 - no route changes required and you will get firewalling.
Also, you could launch a DHCP client via bootCmds to get the dynamic address.
Regards,
Oleg.
Security Lack???
Well I installed the new firmware 1.7.5.6 cr2 and went to the following website: https://grc.com/x/ne.dll?bh0bkyd2
The problem is that port 22 (ssh) is not stealth but closed and port 23 (telnet) is widely open...
Didn't have the problem with the previous version of my firmware,
so I assume that it has to do with this version...
Will this be solved in the next version...??
Or am I the only one who had this problem??
Greedthingzzz
no this will be solved in one of the upcoming firmwares.. it's not such a big issue further..
and i believe if you turn off websetup from wan, the telnet port closes but you should try that. as i have websetup always open for wan
My little Asus Collection: Too much to fit in here, my 2 babies: WL500w 1.9.2.7-10(OLEG) VX2SE Yellow Lamborghini notebook
WL500g Forum Asus Files OpenDir
Asusforum.NL -- Asusforum.DE -- Asusforum.RU -- Asusforum.PL -- Asusforum.NET -- Asusforum.EU -- Asusforum.BE -- Asusforum.ES -- Asusforum.INFO
Disable web access from the WAN and relax.
Stealthing port 23 is easy, just do what the other guy says.
Originally Posted by saga2000
Stealthing port 22 can be done by making a virtual server (under NAT in the settings) of port 22 to a non existing PC on the LAN.
BR,
René
thanx for the solutions, I'm very grateful for them...
However I don't think it's a progress when in the previous version all the ports are stealth and next versions some ports are open or closed (have to make them manually stealth)...
I think that's a pity and it's a step backwards...
I think you are doing a great job and hope you will go on for a long time... I'm just honest and hope you will not mind I give my opinion on such matters...
Otherwise just ignore what I said before...
Greedthingzzz
in the only version 'ports were stealthed' ftp didn't work for wan at all..
the ports are still open due to configuration things in firewall etc.. as the firewall script has improved some things have been forgotten probably.
e.g. fix the problem(s) with a working solution and publish the script here, we'll be thankful