Please note, this is a general networking/firewall question not specific to Linux!

That being said, here's the problem. I have 4 PC's behind my D-Link DI-624 (http://support.dlink.com/products/view.asp?productid=DI%2D624%5FrevC) wireless router.
2 workstations, 1 Linux, 1 Win2K; hard-wired
2 laptops, 1 Linux, 1 XP; wireless.

The router provides DHCP for the LAN, but is itself a DHCP client to an Earthlink Netopia DSL modem (http://www.netopia.com/support/resources/option_3341elk.html).

Shields Up (https://grc.com/x/ne.dll?bh0bkyd2) shows ports 0 and 113 as blocked, everything else stealthed.

In the router firewall I have opened the 2 blocked ports to bogus IP's on the LAN, which should make them show stealthed, but they are still showing blocked???

Why I'm confused is because I previously ran the modem in passive mode and established the PPOE connection to Earthlink from the router. In this configuration, ports 0 & 113 showed stealthed, as intended. Unfortunately PADT signals were getting to the router and causing it to drop the DSL link repeatedly. After talking with tech support at D-Link and Earthlink, I had to change to the current configuration. Now my link is rock-solid, but I can't get the ports to stealth. I'm assuming that the DSL modem is showing the blocked ports and that the router firewall is probably not even coming in to play, but I can't be sure because Earthlink locks down the modem firmware.

If anyone else has run into this issue and has come up with a workaround, I would love to here it! Thanks in advance...

off the bat i'll tell you i'm not going to be muich help ,but this will bump your thread ;)



I have never had DSL and don't have much experince with it. But I do know that DSL clients are constatnly getting new ip address, in the process of receiveing a new ip addres it is possible that your next hop out is a different router, if this is the case then it is possible that that router has some access list or firewall rule that is blocking those ports. I know my ISP blocks a few ports. only saying this becasue it could explain ur problem with the different result after using GRC...

or.. does your modem have web management? if so I would check that out.. btw, if your modem has some firmware that would restrict access this would have been in place with your original setup. I know My ISP has management software that they can use from where they are to poll my modem and check other statistics, but I do not know if they actually manage it... If this is possible than this might be a possible issue. also, do a lil research on your modem, I know a while back I wanted to uincap my modem (decided against it,, lol) but there were many sites out there that show you how to uncap your modem, if this is a issue with your modem, i'm sure that some modem guru has all the documentation you need (to un restrict access)

What type of router do you have?

This is how bored at work I am, I'm trying to answer a question that I don't know anything about

:(

Originally posted by Admstng
What type of router do you have?

What, you're not bored enough to read my whole post? :rolleyes:

This is how bored at work I am, I'm trying to answer a question that I don't know anything about

Almost as bored as me, I actually researched it! :D

Turns out my DSL modem does have default firewall settings, unchangeable by me due to the Earthlink firmware, however I found that I can disable the router functions of the modem, which I tried before with disastrous results, but if I do I have to manually specify the VPI/VCI settings to be 0/32. That's officially more than I ever wanted to know about DSL, but may be well worth it if I can let my D-Link router do the firewall duties and thereby have more control.

my heads hurts.. that's my excuse for over looking the "i have a D-link router" lol

Let us know how this works out for you


-Adam

PS.. what type of modem do you have?

Originally posted by Admstng
PS.. what type of modem do you have?

Apparently an exposed one...

yea... that was my "icing on the cake" joke following my original post..