Does firewall work / log colours?

Discussion in 'Other Linksys Equipment' started by robaker, Mar 19, 2005.

  1. robaker

    robaker Network Guru Member


    Grovelling apologies in advance if this is the wrong forum or if this has been answered before. I've had a bit a lurk and couldn't find the answer, hence this post.

    I have had a WAG54G v1.0 since September 2004. PC World was doing a deal on them and I already have a couple of other LinkSys devices and assumed compatibility would be best across devices from one vendor. I wouldn't normally get stuff from PC World, but was in a hurry and knew I could take it straight back if it didn't work.

    Been working ok since then as far as I can tell. I have an Xbox, 3 laptops and an old desktop connecting via wireless. All of these are short-session devices (start it up, browse web or play game, close it down). I've not noticed many problems. DHCP seems to hand out IP addresses ok.

    I have noticed that clients will lose wireless connectivity if left on for 24 hours or so. The connection usually Repairs ok (Windows XP) although this is annoying as something left downloading for ages will get stuck until repaired. Also, one laptop, a Centrino - so has Intel wireless card, etc - won't make a good connection even though other devices in the same room will.

    Hmm. The intro went on a bit. Sorry. Anyway, was playing with the firewall the other day, looking at the log and noticed a lot of entries in green from various external addresses sent directly to the firewall's external IP address. The ports that are logged tend to be 445, 135, etc. A bit of digging shows these to be prime targets for a bit of hacking or whatever, but no problem there as the WAG54G isn't going to be hosting anything on these ports - 'hackerz' denied!

    Log entries for valid traffic shows-up in black text. The log usefully shows the host name, if possible, so I can see the names of web-sites I recognise.

    My initial question is, so where's the blocked traffic? I can't believe one of the internal devices hasn't attempted to connect via a port that's disallowed by the WAG54G's out-of-the-box settings.

    I had a look at the Applications & Gaming pages on the WAG54G. Port range forwarding and port triggering are both empty. Single port forwarding has some default entries for stuff like FTP, but these are disabled. 4 enabled entries were in - 1 for Xbox and for Microsoft Messenger, but as DHCP juggles the IP addresses I couldn't see these working. It also didn't explain how other traffic, web browsing to port 80, for example, was getting through. I cleared the Enabled boxes for the 4 enabled port forwards and hey presto, made no difference at all. So, the firewall is apparently enabled, but no traffic is allowed, and yet I can still merrily play Xbox online, browse the web and probably get hacked by 12-year-olds!

    So my second question is: does this thing actually have a firewall in it, or is it a big con? :)

    Linksys' UK support were helpful, via email, when it came to identifying that I had a v1.0 box and supplied a firmware upgrade (to 1.02.1), but have clammed-up now I've asked them explain just what their firewall is doing (or indeed, not doing).

    I've tried disabling then re-enabling the firewall via the web UI, but it doesn't appear to make a difference. Anyone else had similar problems, or can confirm that the firewall does actually function on v1.0 boxes?


  2. Toxic

    Toxic Administrator Staff Member

    The firewall should only block traffic incomming from the internet and not on your LAN, (I think) are you wanting the firewall to block everything? the built in firewall works slightly different from a software firewall like ZoneAlarm.

    afaik it doesn't log everything the router does or doesn't do. it is not like a software firewall that logs to an endless file. the router will hav limited ram to hold firewall information for logging.

    to check your firewall is working try here:

    i dont know if this is any news for you as well but you may want to try enabling SNMP in the administration page, and then use PRTG to log all traffic details as well.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice