1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disable Firewall

Discussion in 'Tomato Firmware' started by neil154, Aug 17, 2014.

  1. neil154

    neil154 Serious Server Member

    I have a Linksys E3200 router with Tomato firmware. I would like o know if there is a way to temporarily disable the firewall.

    Please advise
     
  2. koitsu

    koitsu Network Guru Member

    What exactly is the purpose/thing you are trying to solve by doing so? Please explain verbosely.

    If you're trying to alleviate issues with certain software on the LAN side, then the easiest way to "disable the firewall" (so to speak) is to use Port Forwarding / DMZ and fill out the relevant fields (probably Destination Address is all you need).
     
  3. neil154

    neil154 Serious Server Member

    Yes, you correct. I am trying to configure a software package called Akrutosync. The instructions already instructed me to do port forwarding but after completing the instructions I was instructed to use my phone and go to a specific web site that the package setup but when I tried going there I got a message that the site does not exist. The support tech for the package (thru email) suggested that if I have a firewall (not software since I was able to set that up okay) on the router that I try to disable it.

    So that is why I am asking, if you have any suggestions I am willing to listen
     
  4. koitsu

    koitsu Network Guru Member

    Use a DMZ and set the Destination Address to the IP address your phone is handed out (by dnsmasq on the router / DHCP, unless it's statically assigned).

    I don't see how "site does not exist" (this usually indicates DNS lookup failure) has anything to do with a firewall. But then again I have no idea what this software is trying to do/what it's for/etc.

    The DMZ method will allow you to determine if it's a "firewall" or port forwarding problem or not. How it works: in effect any inbound packets which do not already have correlating NAT state table entries will be forwarded on to the Destination Address of your choice (e.g. your phone).
     
  5. neil154

    neil154 Serious Server Member

    I will give your suggestion a try but you obviously understand more than me. The software is setting up some sort of DNS - see attached photo
     

    Attached Files:

  6. Siff

    Siff Serious Server Member

    As koitsu said, this has nothing to do with the firewall - this dialog prompts you to specify the DNS name or the dynamic DNS service, which the software should use.

    Apparently, this software needs to know your connection by name and, since you have a dynamic IP address provided by your ISP, it needs to know either the name you are already using (the second option) or retrieve it from one of the proposed dynamic DNS providers (the first option).

    If you are not using dynamic DNS, you'll have to setup one and then provide the name you choose to the software using the dialog you posted.

    Note: Depending on the dynamic DNS service you choose, you can set Tomato to update it automatically when your IP changes.

    Hope this helps.
     
  7. neil154

    neil154 Serious Server Member

    You are correct that I have a dynamic IP, but on my PC has a static internal IP set to be the same all of the time. I am trying to use the third option for DNS so it is setting it up as my my first name and some numbers (for example http://neil:987654 but that is where I get the error message. I know that you do not know about the software but you understand a whole lot more than me. Do you have any suggestions or should I not be using option 3 but one of the other options for DNS, if so which would you recommend? Someone told me in order to use option 3 that I need to have my own domain (which I do) and also a dedicated IP for this DNS (which I do not have) so would appreciate your information this. Also, I am now being told that if I do successfully set yhos up with the DNS that I am comprising the security of my PC and would also love to hear your comment on this also.

    Thanks for the help
     
    Last edited: Aug 18, 2014
  8. Siff

    Siff Serious Server Member

    "neil:987654" looks like the name of you PC in your network. First, do not use ":" in computer names since this specifies port, so I would suggest to change the PC name to e.g. "neil-987654" instead. Second, this is not the name you need to setup your software.

    I'm guessing that, as part of this software and the services it provides, there is a server/service outside of your network, which needs to access your PC and it needs to know where (IP address and port) your PC can be accessed at. The port is pre-defined and I'm assuming that you already have it forwarded to your PC, so this leaves the IP address to be set up.

    Since you are using dynamic IP, specifying your current IP address will work only until your ISP changes it and therefore it cannot be used (at least not permanently). This is where dynamic DNS comes into place: the dynamic DNS maintains up-to-date (within its SLA) mapping between your current IP address and a name of your choice (from the names available from this dynamic DNS service or your own domain, which I don't think you have). To make this work, you have to update the dynamic DNS' records every time when your ISP changes your IP address. As I said above, Tomato supports several dynamic DNS services and you can use any of them. I'm using FreeDNS (http://freedns.afraid.org), but there a many others: no-ip (http://www.no-ip.com), the two suggested by the software, etc. Which one to pick is up to you and your needs: the available names, the timeframe in which the DNS records will be updated, free vs. paid service, conditions under which free service is provided, how the information is updated, etc.

    Let's say that you have set up "neil154.no-ip.org" as your DNS name matching your current IP address (e.g. 10.11.12.13). Once you are sure that IP updates are working properly, you'll have to specify "neil154.no-ip.org" using the second option in your dialog.

    I don't know what is the difference if you are using one of the two services suggested by the software, so, if you decide to go this route, you'll have to find out what exactly to do (probably provide some sort of API key?).

    Hope this helps.
     
    Last edited: Aug 18, 2014
  9. neil154

    neil154 Serious Server Member

    Thank you very much for the additional detailed information.

    Please also give me your thoughts on the security of using this method of DNS. With the same software I could sync using wifi only or with other software I could sync by sending the information to a server in the cloud and then downloading from the cloud. I am not particularly concerned about the security of the data that will be sync'd but I am concerned as to the security of my PC.

    Once more many thanks
     
  10. Siff

    Siff Serious Server Member

    The dynamic DNS services do not need to and do not access your system - they simply store the information about which name (e.g. "neil154.no-ip-org") to which IP address it is currently mapped (e.g. 10.11.12.13) and provide the IP address when some service (e.g. another DNS) asks for the IP address of the name.

    Therefore I don't think that you should have security concerns with setting up dynamic DNS. Of course you should use a strong and unique password (i.e. do not reuse passwords!) when you setup the dynamic DNS service.

    Hope this helps.

    [Edit] Sorry I missed that you own a domain. If you own a domain, you need a DNS to resolve it (to IP address(es)). Since you don't run your own DNS server, you need to use an outside DNS service and, since you have a dynamic IP, dynamic DNS should do "the trick" for you.

    If you want to setup and run your own DNS server - this is a whole different story...
     
    Last edited: Aug 18, 2014
  11. neil154

    neil154 Serious Server Member

    Thanks for your advise. Now I will have to try to get the DNS (number 3 working if possible, otherwise I will try another service).
     
  12. Siff

    Siff Serious Server Member

    If you want to use your domain name, check which dynamic DNS will allow you to do that. I think that FreeDNS had this option, but I'm not using it, so I may be mistaken.

    Good luck! :)
     
  13. neil154

    neil154 Serious Server Member

    Thanks to all for the help but I have given up. I gave up because even if I got it working for the software at home it would not work if I took my PC someplace else where I did not have access to the router settings
     
  14. Monk E. Boy

    Monk E. Boy Network Guru Member

    Yes, that would break it. If the software supports setting up its own port forwards automagically (e.g. through UPnP or NAT-PMP), that may work in some (though hardly all) locations. However you would also need to run some kind of client software on your system to handle DDNS, so that your DDNS record can get updated to your new location. However this has a snowballs chance of actually working consistently, because most locations don't have UPnP enabled (to restrict yahoos from P2P'ng the location into a xxAA lawsuit).
     
  15. neil154

    neil154 Serious Server Member

    I agree I am just giving up on the software
     
  16. WaylonCovil

    WaylonCovil Serious Server Member

    I looked up the software online. It appeared to be an Outlook contact synchronization application. Is this correct?
    If so, I'm guessing the PC is acting as the host. Perhaps there's another application that uses the vendors server instead of requiring you to setup your PC to do this.
    Good luck.
     
  17. neil154

    neil154 Serious Server Member

    Yes, there are several other software applications that accomplish the same end result and I am now testing an application called CompanionLink
     

Share This Page