Speedtouch 716WL router - firewall setup - how?

Discussion in 'Home Networking' started by tinnews, Jan 5, 2008.

  1. tinnews

    tinnews Guest

    I have a Speedtouch 716WL router which works well. However I want to
    set up the firewall to block ssh except from specified IP addresses
    and I just can't get it to work.

    I have added a custom Firewall "Security Level" which allows me to add
    firewall rules to the default ones.

    I have then added a rule which looks like it should allow ssh
    connections from a specified IP address on the WAN to my ssh server on
    the LAN but it doesn't work.

    If I enable SSH using "Game & Application Sharing" on the Speedtouch
    it works perfectly though, thus I think I have my ssh set up right, I
    just can't get the Speedtouch firewall set up correctly.

    There's little clue in the documentation, apart from anything else it
    doesn't tell you anything about how the Firewall and "Game &
    Application Sharing" interact. I have even delved into the CLI
    interface of the Speedtouch and discovered a bit more but I still
    can't make it work.

    Can anyone help or point me in the direction of where I might get some
    tinnews, Jan 5, 2008
  2. tinnews

    tinnews Guest

    Typical - almost immediately after posting this message I realised
    what the problem was.

    Setting up a Firewall Rule allows the connection through but it
    *doesn't* specify the NAT mapping. When you use "Game & Application
    Sharing" it sets up a firewall rule *and* a NAT mapping (but sadly
    doesn't allow you to tune the firewall rule).

    The Firewall Rules setup doesn't set up a port/IP mapping, you have to
    use the CLI to do that and then it works. It means the web interface
    to the firewall set up is essentially useless as far as I can see.

    Anyway I have it working now, all I have to do is write down all the
    necessary stages so if/when I reset the router I can set it up again.
    tinnews, Jan 5, 2008
  3. macmax.tan

    macmax.tan Guest

    Hi Chris

    Having problems of a similar nature. Could you copy the CLI commands
    to me?
    Not sure if you tried, but you can actually save/restore configuration
    for the SpeedTouch modem.
    You need to access the GUI, click on "SpeedTouch" then "Configuration"
    and under "Pick a Task" section, select 'Backup or restore

    macmax.tan, Jan 9, 2008
  4. tinnews

    tinnews Guest

    A fellow sufferer! :)

    I have my Speedtouch set up to allow ssh connections from just a
    couple of trusted IP addresses. The Firewall is set up from the Web
    interface (after adding a custom firewall Level of course).

    Then you need to do something like the following from the CLI:-

    mapadd intf=Internet outside_addr= inside_addr= outside_port=22-22 inside_port=22-22 weight=10

    The "outside_addr" is my static IP address at my ISP, i.e. it is the
    IP address of the WAN side of the router. I don't know what you do if
    you have a dynamic IP though I'm sure there must be a way to do it. I
    didn't actually explicitly set the 'weight', that must be a default

    I realised you can save and restore the configuration, in fact it's partly
    how I found out what I have found out. I compared configurations with and
    without a "Game and Application Sharing" entry added, that showed me the
    'nat mapadd' entry as well as the Firewall one.

    There are some useful notes etc. in a Wiki at:-


    which I was pointed to by the forums at:-


    I hope this all helps, can continue by E-Mail if you want, my address
    here will work.
    tinnews, Jan 9, 2008
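
The configuration comparison described in the post above, as an added example that is not part of the original thread: it diffs two saved configurations by section and checks whether a port actually has a NAT mapping, which is the gap a firewall rule alone leaves. The `[ name.ini ]` header form, the firewall line and all addresses are constructed assumptions; only the `mapadd` parameter names come from the post.

```python
import re

SECTION = re.compile(r"^\[\s*(.+?)\s*\]$")  # assumed header form, e.g. "[ nat.ini ]"

def parse_sections(text):
    """Map section name -> list of whitespace-normalised command lines."""
    sections, current = {}, "(none)"
    for raw in text.splitlines():
        line = " ".join(raw.split())
        header = SECTION.match(line)
        if header:
            current = header.group(1)
        sections.setdefault(current, [])
        if line and not header:
            sections[current].append(line)
    return sections

def added_commands(before, after):
    """Commands in `after` that are absent from the same section of `before`."""
    old, new = parse_sections(before), parse_sections(after)
    diff = {}
    for name, lines in new.items():
        extra = [l for l in lines if l not in old.get(name, [])]
        if extra:
            diff[name] = extra
    return diff

def port_mappings(text):
    """Parse every mapadd line into a dict of its key=value parameters."""
    maps = []
    for lines in parse_sections(text).values():
        for line in lines:
            words = line.split()
            if "mapadd" in words[:2]:  # "mapadd ..." or "nat mapadd ..."
                maps.append(dict(w.split("=", 1) for w in words if "=" in w))
    return maps

def is_forwarded(text, port):
    """True if some mapadd covers `port` in its outside_port range."""
    for m in port_mappings(text):
        lo, _, hi = m.get("outside_port", "").partition("-")
        if lo.isdigit() and (hi or lo).isdigit() and int(lo) <= port <= int(hi or lo):
            return True
    return False

# Constructed sample backups; addresses are documentation ranges. The firewall
# line is a hypothetical stand-in, not real SpeedTouch syntax.
BEFORE = "[ firewall.ini ]\nrule add name=ssh_trusted srcip=198.51.100.7 action=accept\n[ nat.ini ]\n"
AFTER = BEFORE + ("mapadd intf=Internet outside_addr=203.0.113.10 inside_addr=192.168.1.10 "
                  "outside_port=22-22 inside_port=22-22 weight=10\n")
```

`BEFORE` models a configuration with the firewall rule but no mapping, so `is_forwarded(BEFORE, 22)` is false even though the rule is present.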
  5. I don't know that router, but I presume it allows you to create and add
    custom rules or services. For default Remote Desktop you only need to
    forward TCP Port 3389 to the computer you wish to operate remotely (plus
    poke the appropriate hole in that computer's own firewall).

    If you have more than one computer running RDP that you wish to control
    from the WAN, then you can easily change from the default RDP port number
    in XP as is explained here: http://support.microsoft.com/kb/306759

    Anthony R. Gold, May 26, 2009
  6. tinnews

    tinnews Guest

    Back off holiday (hence delay). If you haven't worked out the answer
    and/or if the other reply hasn't helped then post again here and I'll
    try and come up with an answer.

    Basically you add your own 'custom' service for the remote desktop
    port number I think.
    tinnews, Jun 14, 2009
