    I am wondering: what exactly does the firewall in the WAG54G do? It has no rules, just enable/disable, so what can you do with it?

    The device already has port forwarding and you can put a machine in the DMZ (all traffic forwarded to that machine), so I don't really know what the firewall could do other than confuse the user.

    I have noticed that the port forwarding seems to work better with the firewall disabled. Why is that? Is it safe to turn off the firewall? It seems better to have it enabled.

    The FW protects your LAN against incoming intrusion.

    As you've said, DMZ is to allow ONE machine to be totally reachable through the FW (but others are not).

    Port forwarding is to allow specific ports to be opened while others are kept stealth and secure with the FW.

    I don't see what is unclear.

    Well, when I think firewall, I think, no traffic comes past this point without me saying so. I can configure certain ports or port ranges including setting TCP or UDP and give that rule a name:

    apache 80 tcp

    This is ALL implemented with the port forwarding, right? So what does it mean to have these settings, and then disable the firewall?

    You said it 'cloaks', can you explain that?

    The WAG's FW is intended to filter incoming traffic (from the net), not really to filter the one which came from your LAN. A real (pro) FW should do both ways, with a set of rules like you said.

    If you want rules and a better handle on traffic going through, you'd have to buy a more expensive router, or use a proxy/software one like the excellent WinRoute Firewall Pro. Or use an alternative firmware for your WAG (hope you're good with Linux).

    For the stealth explanation, go here: https://www.grc.com/su/portstatusinfo.htm

    I used Shields Up to scan my home network (thanks for the link!).

    My WAG54G has port forwards on 20, 21, 80, 8000 and 8080. They all forward to a server which has FTP and HTTP services. The WAG54G's "firewall protection" is disabled.

    The result of running Shields Up from my workstation is:

    port 20 is reported stealth
    ports 21, 80, 8000, 8080 are reported open
    Everything else is stealth.

    So because of this, I conclude that the "firewall protection" is not for filtering incoming traffic, because even when disabled, all ports are stealth.

    You just said the WAG54G's firewall doesn't filter outgoing traffic. Does this mean the option is bogus (does nothing)?

    Hmmm. It's illogical, but you are right; I've done the tests.

    Enabling or disabling the firewall left the ports stealthed.

    Unchecking "Block Anonymous Internet Requests" makes the LAN respond to ping requests, but ports are still stealthed (even if the FW is disabled).

    (I've done a hard reboot to be sure and it's the same.)

    We need an expert to explain it; I'm just a simple user as you are :)

    Being a simple user too, I have one idea which needs to be tested (I'm too lazy myself).
    As all know (I suppose), when you have IP address translation on the router you cannot access the LAN from outside except for specially forwarded ports.
    Ok, so what is this firewall for?
    What if the router is NOT translating IP addresses, but only acts as a bridge?
    In this case your LAN devices, I suppose (not sure), have public IP addresses, and the firewall makes a lot of sense.
    Maybe someone brave enough will test it.
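
A minimal model of the NAT behaviour the last post describes, as an added example that is not part of the thread and not WAG54G firmware: with address translation, an unsolicited inbound packet has nowhere to go unless a port forward, a DMZ host or an existing outbound connection supplies a mapping, so unforwarded ports look stealth with no filter rules at all. The `NatRouter` class, the `scan` helper and all addresses are hypothetical, and the "closed" case assumes the LAN host refuses connections on ports that have no service.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatRouter:
    """Generic NAT model (an assumption for illustration, not WAG54G firmware)."""
    forwards: dict = field(default_factory=dict)   # (proto, wan_port) -> lan_ip
    dmz_host: Optional[str] = None                 # catch-all target, if set
    conntrack: dict = field(default_factory=dict)  # (proto, wan_port, remote) -> lan_ip

    def outbound(self, proto, lan_ip, wan_port, remote):
        # A LAN host started the conversation, so its replies get a mapping.
        self.conntrack[(proto, wan_port, remote)] = lan_ip

    def inbound(self, proto, wan_port, remote):
        # Order: reply to an existing flow, explicit forward, DMZ, else nowhere.
        return (self.conntrack.get((proto, wan_port, remote))
                or self.forwards.get((proto, wan_port))
                or self.dmz_host)

def scan(router, listeners, ports, scanner="203.0.113.9", proto="tcp"):
    """Classify ports as an outside scanner would see them.

    listeners: set of (lan_ip, proto, port) tuples that have a service bound.
    """
    result = {}
    for port in ports:
        target = router.inbound(proto, port, (scanner, 40000))
        if target is None:
            result[port] = "stealth"   # no mapping: packet is discarded silently
        elif (target, proto, port) in listeners:
            result[port] = "open"      # a service completes the handshake
        else:
            result[port] = "closed"    # delivered, but the host refuses (assumed)
    return result

# Constructed sample: forwards on 21, 80, 8000, 8080 to one server, no filter rules.
SERVER = "192.168.1.10"
router = NatRouter(forwards={("tcp", p): SERVER for p in (21, 80, 8000, 8080)})
listeners = {(SERVER, "tcp", p) for p in (21, 80, 8000, 8080)}

if __name__ == "__main__":
    print(scan(router, listeners, [21, 23, 80, 445, 8080]))
```

In the bridge case raised in the last post there is no translation table, which is equivalent to every packet having a target in this model, so a separate filter would then be the only thing deciding what gets through.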

