
WRT54GL with HyperWRT and Port Forwarding

Discussion in 'HyperWRT Firmware' started by lechuck1, Nov 1, 2006.

  1. lechuck1

    lechuck1 LI Guru Member

    Hi there,

    I have flashed my new WRT54GL V1.1 router with HyperWRT. I'm new
    to router setup. Is there a step-by-step guide on how to set it up?

    After flashing I changed:
    - entered Static IP, disabled DHCP Server
    (will have only 2 PCs at 192.168.1.xy)
    - disabled Wireless Network Mode
    - enabled Block Portscans
    - changed Router Password, disabled Wireless Access

    I did these settings, but I'm not sure how/why to set Port Forwarding.
    Well I know the theory, here is what I don't understand:

    Well, Web browsing works and I started uTorrent and tested multiple ports
    to see if they are forwarded. And all of them were. It looks like everything goes
    through (my PC also has ZoneAlarm, and I allowed net access through the
    port in ZoneAlarm).

    Now I'm confused. I thought that all ports are closed by default and I need
    to set up Port Forwarding to open them. What am I missing here?

    How do I set the router so that all ports are closed and only allowed applications
    (HTTP, Skype, uTorrent, etc.) go through the firewall?

    Many thanks in advance.

    Btw, After flashing there's written 'Wireless-G Broadband Router with
    SpeedBooster' - does the GL have it now, or it's just there?
     
  2. ifican

    ifican Network Guru Member

    A very simple explanation: by default all ports are blocked from the outside in. However when a request is made of data from the inside out, the router will allow the requested data back in and then after a very short timeout period will again close the port.

    Port forwarding is needed when you run a server or service on the inside that you want accessible from the outside. Because of NAT the router has no idea what IP to send the data to when it originates from the outside, so by setting up port forwarding you are telling the router when you see "this data on this port" send it to "this machine". OK, maybe that wasn't so simple, but I think you get the point.
     
  3. lechuck1

    lechuck1 LI Guru Member

    Thanks for the reply!

    Let's see if I get that (plus new questions):

    1. If I make an inside-out request by browsing the web, then the browser
    will open port 80 and it will go through the firewall. OK?

    2. If I want to connect to one PC with RDP I need to set up port
    forwarding for the 3389 port, as it's an outside-in request. OK?

    3. For using Skype: for inside out it opens a port (like 6057)
    and I make a call, but for incoming calls it uses port 80.
    Is port 80 always open?

    4. If I start uTorrent it opens one port, but for seeding I need to
    forward that port? I'm not sure about this one. Any other reason for
    port forwarding here?

    5. Is there any guide on which ports to forward and why?

    6. Is there a setting to manually configure the requests made from the
    inside out?
     
  4. ifican

    ifican Network Guru Member

    1. If I make an inside-out request by browsing the web, then the browser
    will open port 80 and it will go through the firewall. OK?

    -correct

    2. If I want to connect to one PC with RDP I need to set up port
    forwarding for the 3389 port, as it's an outside-in request. OK?

    -if you are RDP'ing inside out it will just work; if you are RDP'ing from the outside in, yes, you will need to port forward 3389 to the host IP you are trying to reach.

    3. For using Skype: for inside out it opens a port (like 6057)
    and I make a call, but for incoming calls it uses port 80.
    Is port 80 always open?

    -no, 80 will not be open in that case, but you can use a feature called port triggering, that will listen for port 80 traffic when it sees outbound 6057.

    4. If I start uTorrent it opens one port, but for seeding I need to
    forward that port? I'm not sure about this one. Any other reason for
    port forwarding here?

    -I don't use uTorrent so I don't know, but I am sure it will tell you within the program what ports it needs for what, and you just set the router accordingly.

    5. Is there any guide on which ports to forward and why?

    -I am sure there is for just about any program used, but anytime I need to know for myself I go to the website or the program documentation and one will usually have the ports needed to make it work.

    6. Is there a setting to manually configure the requests made from the
    inside out?

    -no, by default the router will be set to allow all traffic going out.
     
  5. lechuck1

    lechuck1 LI Guru Member

    ifican, thanks for all the replies.

    I also read about port triggering at portforward.com and there is one
    thing that I need to ask.

    In the port forwarding steps they say:
    'Remove the checkmark from the Block Anonymous Internet Requests checkbox.'

    ... and then go to Port Range Forward menu...

    I'd like to be in 'stealth mode' (or protected) as much as possible and do
    not know why this is necessary.
     
  6. bkmo

    bkmo LI Guru Member

    For Skype to work, you really need to do nothing. You can open a port, but to my knowledge this is only for Skype's benefit of using your bandwidth. For uTorrent you need to port forward the port to the IP address of the computer running uTorrent. If you turn on UPNP it will probably open a port for you, but it does not seem to always work for me. You can leave block anonymous internet requests checked. Port forwarding will still work. Oh, and for RDP, just forward the port.
     
  7. RTSAnime

    RTSAnime Network Guru Member

    UPNP works fine on my Gv3 with Tomato and uTorrent. I would assume it should work equally well on Thibor.
     
  8. mstombs

    mstombs Network Guru Member

    This allows the router to respond to "ping" requests from the internet. I do this so I can check on my home internet connection from work. Of course it means anyone can also do this check - but do you think "not responding" is going to stop anyone trying to hack into your system with port scans looking for Windows vulnerabilities? I think not! Your IP address is logged by any web server you access - all ISPs allocate blocks of sequential IP addresses, and a compromised PC inside your ISP's firewall will attempt to hack any IP address it can access until detected/blocked.
     
  9. lechuck1

    lechuck1 LI Guru Member

    I do not expect that I'm 100% safe. I just heard that not responding to
    ping and blocking portscans improves safety...
     
  10. grcore

    grcore Network Guru Member

    Perhaps they are opening up via UPnP.
     
  11. lechuck1

    lechuck1 LI Guru Member

    I'd like to thank all of you for your help.

    Yes, it's UPnP. I disabled it and uTorrent is blocked. It all makes sense now.

    If a program is started inside and UPnP is enabled then a port is opened on
    the router as long as the program is open.

    If you need access from outside then you must forward needed port. :)

    If UPnP is disabled, you must forward ports for all programs you use.

    If I got this wrong, somebody please correct me.
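
The behaviour the thread arrives at, as an added example that is not part of any post and is not HyperWRT code: a small Python model of how the router decides on an inbound packet (reply to an outbound request, static port forward, or UPnP mapping), plus an audit listing of what is exposed. The `Router` class, the external addresses, and ports 40000 and 51000 are constructed for illustration, and the model assumes the WAN port equals the LAN port.

```python
from dataclasses import dataclass, field

@dataclass
class Router:
    upnp_enabled: bool = True
    conntrack: dict = field(default_factory=dict)  # (proto, wan_port, remote_ip, remote_port) -> lan_ip
    forwards: dict = field(default_factory=dict)   # static: (proto, wan_port) -> (lan_ip, lan_port)
    upnp_maps: dict = field(default_factory=dict)  # same shape, but created by LAN programs

    def outbound(self, proto, lan_ip, lan_port, dst_ip, dst_port):
        """A LAN host connects out; remember the flow so only its reply is let back in."""
        self.conntrack[(proto, lan_port, dst_ip, dst_port)] = lan_ip

    def upnp_request(self, proto, lan_ip, port):
        """A LAN program asks the router to open a port; refused when UPnP is off."""
        if not self.upnp_enabled:
            return False
        self.upnp_maps[(proto, port)] = (lan_ip, port)
        return True

    def inbound(self, proto, src_ip, src_port, wan_port):
        """Decide what happens to a packet arriving on the WAN side."""
        key = (proto, wan_port, src_ip, src_port)
        if key in self.conntrack:
            return ("ACCEPT", self.conntrack[key], "reply to outbound request")
        for table, why in ((self.forwards, "static port forward"),
                           (self.upnp_maps, "UPnP mapping")):
            if (proto, wan_port) in table:
                return ("ACCEPT", table[(proto, wan_port)][0], why)
        return ("DROP", None, "unsolicited")

    def exposed(self):
        """Audit view: every port reachable from outside, and which mechanism opened it."""
        rows = [(p, port, ip, "static") for (p, port), (ip, _) in self.forwards.items()]
        rows += [(p, port, ip, "upnp") for (p, port), (ip, _) in self.upnp_maps.items()]
        return sorted(rows)

def scenario(upnp_enabled):
    """Constructed sample: one RDP forward, one web request, one torrent client."""
    r = Router(upnp_enabled=upnp_enabled)
    r.forwards[("tcp", 3389)] = ("192.168.1.11", 3389)           # RDP forward set by the admin
    r.outbound("tcp", "192.168.1.10", 51000, "203.0.113.5", 80)  # browser fetches a page
    r.upnp_request("tcp", "192.168.1.10", 40000)                 # torrent client asks for its port
    return r

if __name__ == "__main__":
    for upnp in (True, False):
        r = scenario(upnp)
        print("UPnP", upnp, r.inbound("tcp", "198.51.100.7", 6881, 40000), r.exposed())
```

With UPnP on, the torrent port shows up in `exposed()` even though nobody configured a forward for it, which is what the port test in the first post was seeing.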
     
