DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
2820 Firewall : Testing to block port 80 (Web test on Win7)
- njh
28 Mar 2010 17:36 #61422
by njh
2900Gi/v2.5.6; 2900/v2.5.6
Replied by njh on topic 2820 Firewall : Testing to block port 80 (Web test on Win7)
I don't know your router, but you want to play around with it with the purpose of getting it to automatically hand out its own IP address and the DNS server for your LAN PCs.
My Drayteks exhibit different behaviours so there is not always a one size fits all solution. Typically (especially if you are using your own ISP's servers), you want all the settings relating to DHCP and DNS set to automatic. Don't manually input the DNS servers anywhere. On my routers these can be held in 2 places, Basic Setup > LAN TCP/IP and DHCP Setup and Quick Setup > Internet Access Setup. First of all try making sure both are clear. Once you have done that, refresh your network connection with an "ipconfig /release" and an "ipconfig /renew", then see your PC settings again with an "ipconfig /all".
- zgap111
- Topic Author
28 Mar 2010 18:12 #61423
by zgap111
Replied by zgap111 on topic 2820 Firewall : Testing to block port 80 (Web test on Win7)
I've blanked the LAN > General Setup's DNS numbers
Under WAN > Internet Access > WAN1:
WAN IP Network Settings = Obtain IP Address Automatically
DNS Server IP Address = both blank
I've done the ipconfig things, and /all gives the same last result: DNS = 192.168.88.1
Firewall is still set to blocking 80 to 51000
& I've rebooted the router.
And I'm still able to reply to this forum.
I'm curious how DNS is linked to what I want to do - I want to block all ports except web & mail, and since it's not working, I'm just testing on the direct opposite = I want to block web access. Surely any packet for port 80 (= http) should be blocked, right?
Hope there's more suggestions!
- zgap111
- Topic Author
28 Mar 2010 18:22 #61424
by zgap111
Replied by zgap111 on topic 2820 Firewall : Testing to block port 80 (Web test on Win7)
Update:
I realised I have a VPN connection from the router to my work. I've now disabled it, and still have the same problem.
I thought maybe the web traffic is blocked at WAN and re-routed via VPN connection; well, it's not, since I'm still able to reply on this forum...
- zgap111
- Topic Author
28 Mar 2010 18:35 #61425
by zgap111
Replied by zgap111 on topic 2820 Firewall : Testing to block port 80 (Web test on Win7)
Update:
I actually have VMware on this Win7 machine.
So I've loaded up WinXP Pro (SP3), and did the web access tests under IE8.
I can confirm that:
Block 80-51000 = ON = Web Access = NO
Block 80-51000 = OFF = Web Access = YES
Port blocking works on WinXP.
This must mean it MUST be Windows 7 doing something in the background.
Can anyone test to confirm my findings?
- njh
28 Mar 2010 19:24 #61426
by njh
2900Gi/v2.5.6; 2900/v2.5.6
Replied by njh on topic 2820 Firewall : Testing to block port 80 (Web test on Win7)
The purpose of the "DNS thing" was to stop you blocking it. DNS is the mechanism which converts URLs (e.g. www.google.co.uk) to an IP address (e.g. 216.239.59.104). The way you were going was going to block this and, therefore, just about kill everything.
I cannot see that IE8 would be doing anything. Access is being blocked outside the reach of IE8 i.e. the blocking is not happening on the PC so the program you are using should not matter.
On your PC can you clear your DNS cache (ipconfig /flushdns) and try your tests again from IE8?
- zgap111
- Topic Author
28 Mar 2010 19:34 #61427
by zgap111
Replied by zgap111 on topic 2820 Firewall : Testing to block port 80 (Web test on Win7)
I wanted to be sure...
So I tested for port 80, and FAILED on WinXP.
I then tried my method from before on the port ranges.
Same thing happened, but it was from range 80-1000, then it started to creep upwards.
### I've solved it ###
My Service types were always matched, say:
Protocol = TCP/UDP
Source Port = 80 - 51000
Destination Port = 80 - 51000
I think this is wrong.
========
Web (http) blocking seems to work with:
Source = 1 - 65535
Destination = 80 - 80
http = blocked
https = allowed
========
Hope this info helps someone... took me a day to figure it out!
Now that it works, I can go back to my original plan...
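An added example, not part of the original thread or of DrayTek's firmware: it models a block rule as "source port in range AND destination port in range" and runs the two rule shapes posted above against typical client source ports. The ephemeral port ranges (1025-5000 for Windows XP, 49152-65535 for Windows 7) and the AND-matching semantics are assumptions, and `BlockRule` and `blocked_fraction` are names made up for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BlockRule:
    """Hypothetical model of one block rule: a packet is dropped only
    when BOTH its source and destination port fall inside the ranges."""
    src_ports: range
    dst_ports: range

    def blocks(self, src_port: int, dst_port: int) -> bool:
        return src_port in self.src_ports and dst_port in self.dst_ports


# The two rule shapes from the thread (router ranges are inclusive).
ORIGINAL = BlockRule(src_ports=range(80, 51001), dst_ports=range(80, 51001))
FIXED = BlockRule(src_ports=range(1, 65536), dst_ports=range(80, 81))

# Assumption: default client-side ephemeral (source) port ranges.
EPHEMERAL = {
    "WinXP": range(1025, 5001),
    "Win7": range(49152, 65536),
}


def blocked_fraction(rule: BlockRule, client_ports: range, dst_port: int) -> float:
    """Share of possible client source ports for which the rule drops
    a connection to dst_port."""
    hits = sum(rule.blocks(p, dst_port) for p in client_ports)
    return hits / len(client_ports)


def report():
    """Rows of (rule name, client OS, destination port, fraction blocked)."""
    rows = []
    for name, rule in (("original", ORIGINAL), ("fixed", FIXED)):
        for os_name, ports in EPHEMERAL.items():
            for dst in (80, 443):
                frac = blocked_fraction(rule, ports, dst)
                rows.append((name, os_name, dst, round(frac, 3)))
    return rows


if __name__ == "__main__":
    for name, os_name, dst, frac in report():
        print(f"{name:8} {os_name:5} dst={dst:<3} blocked={frac:.1%}")
```

Under these assumptions the original rule only drops a connection while the client's source port happens to sit below 51001, so the result depends on the client OS, and it also catches port 443; the fixed rule depends on the destination port alone.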