PeterEl Posted August 28, 2012 Share Posted August 28, 2012 Hello! My firewall outpost detected incoming connections on port 80 and blocked them. I think that the router must block incoming connections on port 80, right? But it does not. Please explain why this might be. (i use windows xp) 176.57.209.48 - this SOURCE ADRESS, 192.168.1.100 - this TARGET adress. Attached a screenshot. Link to comment Share on other sites More sharing options...
jaclaz Posted August 28, 2012 Share Posted August 28, 2012 It depends by a number of factors.Which router do you have?How exactly it is setup?Is NAT enabled?And how it is set?jaclaz Link to comment Share on other sites More sharing options...
PeterEl Posted August 28, 2012 Author Share Posted August 28, 2012 It depends by a number of factors.Which router do you have?How exactly it is setup?Is NAT enabled?And how it is set?jaclaz1) linksys e15002) permission for incoming connections on port 80 is not installed.3) NAT is enabled4) "And how it is set?" - what do you mean? Link to comment Share on other sites More sharing options...
submix8c Posted August 28, 2012 Share Posted August 28, 2012 Me accessing MSFN.ORG (the Port 80 one) through my router (my router address=192.168.8.17 - multiple ports): Link to comment Share on other sites More sharing options...
Tripredacus Posted August 28, 2012 Share Posted August 28, 2012 You should maybe run netstat -bTo see if you have anything besides your browsers or known clients accessing the internet. Link to comment Share on other sites More sharing options...
PeterEl Posted August 28, 2012 Author Share Posted August 28, 2012 (edited) You should maybe run netstat -bTo see if you have anything besides your browsers or known clients accessing the internet.I looked, all processes are known.The question is still valid. Edited August 28, 2012 by PeterEl Link to comment Share on other sites More sharing options...
submix8c Posted August 28, 2012 Share Posted August 28, 2012 (edited) Can't disagree. The IP in your screenshot seems to indicate a Russian website that's being accessed.edit - ULP! Is that YOUR External IP address?http://jaguar.timeweb.ru/error_domain.htm Edited August 28, 2012 by submix8c Link to comment Share on other sites More sharing options...
submix8c Posted August 28, 2012 Share Posted August 28, 2012 (edited) ???http://en.timeweb.ru/support/faq/If that's YOUR IP address, maybe you've set up a Web Server? I have one on my PC (via "no-ip") and had to make "exceptions" to allow folks to access it.edit - (stupid me... I made a second post...) Edited August 28, 2012 by submix8c Link to comment Share on other sites More sharing options...
jaclaz Posted August 28, 2012 Share Posted August 28, 2012 Me accessing MSFN.ORG (the Port 80 one) through my router (my router address=192.168.8.17 - multiple ports):I am not sure to understand, those seems a lot like OUTbound connections and not INbound ones.... @PeterElI mean how exactly is NAT (or any other similar setting) set to?From what I can see (not from the E1500 manual here: http://homesupport.cisco.com/en-eu/support/routers/E1500 which is pretty much "useless") but from the more "generic" one:http://www.manualowl.com/m/Cisco/E1500/Manual/236876?page=40There is no specific setting/page for NAT, and if you want to "expose" a device to the internet you need to put it in the DMZ.The *whatever* that blocks (or should block) unwanted packets is seemingly SPI (Stateful Packet Inspection), but as well I cannot find any detailed settings guide, see also:http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=349c2ccc3fb44e1b8878369cc84a56bb_KB_EN_v1.xml&pid=80&converted=0See if this applies to your router (these are the kind of settings that might affect the possibility to "go through"):http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=978eca6b436a4edc92576ba183b91f5c_KB_EN_v1.xml&pid=8&converted=0jaclaz Link to comment Share on other sites More sharing options...
PeterEl Posted August 28, 2012 Author Share Posted August 28, 2012 Me accessing MSFN.ORG (the Port 80 one) through my router (my router address=192.168.8.17 - multiple ports):I am not sure to understand, those seems a lot like OUTbound connections and not INbound ones.... @PeterElI mean how exactly is NAT (or any other similar setting) set to?From what I can see (not from the E1500 manual here: http://homesupport.cisco.com/en-eu/support/routers/E1500 which is pretty much "useless") but from the more "generic" one:http://www.manualowl.com/m/Cisco/E1500/Manual/236876?page=40There is no specific setting/page for NAT, and if you want to "expose" a device to the internet you need to put it in the DMZ.The *whatever* that blocks (or should block) unwanted packets is seemingly SPI (Stateful Packet Inspection), but as well I cannot find any detailed settings guide, see also:http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=349c2ccc3fb44e1b8878369cc84a56bb_KB_EN_v1.xml&pid=80&converted=0See if this applies to your router (these are the kind of settings that might affect the possibility to "go through"):http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=978eca6b436a4edc92576ba183b91f5c_KB_EN_v1.xml&pid=8&converted=0jaclazAll security options on my router are turned on.And i not use DMZ, it's disabled. Link to comment Share on other sites More sharing options...
submix8c Posted August 28, 2012 Share Posted August 28, 2012 (edited) I am not sure to understand, those seems a lot like OUTbound connections and not INbound ones....Yeah, a little goofy-looking. It appears that the Outbound are legitimate. Apparently, it's part of the communications cycle. Details of one (Symantec Firewall, BTW): Edited August 28, 2012 by submix8c Link to comment Share on other sites More sharing options...
jaclaz Posted August 28, 2012 Share Posted August 28, 2012 (edited) All security options on my router are turned on.I will try again, are your settings EXACTLY like the ones on this page?http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=978eca6b436a4edc92576ba183b91f5c_KB_EN_v1.xml&pid=8&converted=0Does you router has other pages/settings?How are they set?Post a few screenshots of what you see (obviously removing personal information/private LAN Ip's etc).And i not use DMZ, it's disabled.Good. BTW a possibility would be to go to a friend's house and try accessing your IP from the "outside", backtrack is the first tool/distro that comes to mind:http://www.backtrack-linux.org/This way you could have maybe an idea of what's going on.jaclaz Edited August 28, 2012 by jaclaz Link to comment Share on other sites More sharing options...
submix8c Posted August 28, 2012 Share Posted August 28, 2012 (edited) Well, as I gave the address of the (apparently) Hosting site, perhaps someone has inadervtently HARD-WIRED you "dynamic" address into THEIR website.Again, I use NO-IP and have a dynamic IP which is updated occasionally to allow others to access it and had to give an INCOMING exception to Port 80 for my INTERNAL "fixed" IP address.http://martin-entltd.no-ip.org/(No longer valid - NOIP deleted it from my Account and it's "stuck" to unusable.)?Something odd with that IP address... What happens with the above (mine)? Edited April 7, 2013 by submix8c Link to comment Share on other sites More sharing options...
PeterEl Posted August 28, 2012 Author Share Posted August 28, 2012 All security options on my router are turned on.I will try again, are your settings EXACTLY like the ones on this page?http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=978eca6b436a4edc92576ba183b91f5c_KB_EN_v1.xml&pid=8&converted=0Does you router has other pages/settings?How are they set?Post a few screenshots of what you see (obviously removing personal information/private LAN Ip's etc).And i not use DMZ, it's disabled.Good. BTW a possibility would be to go to a friend's house and try accessing your IP from the "outside", backtrack is the first tool/distro that comes to mind:http://www.backtrack-linux.org/This way you could have maybe an idea of what's going on.jaclazAll the same like this page http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=978eca6b436a4edc92576ba183b91f5c_KB_EN_v1.xml&pid=8&converted=0, but Filter Multicast is ON and Filter Internet NAT Redirection... - is ON.Other settings in attached file ->router-settings-pic.rar Link to comment Share on other sites More sharing options...
jaclaz Posted August 28, 2012 Share Posted August 28, 2012 All the same like this page http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=978eca6b436a4edc92576ba183b91f5c_KB_EN_v1.xml&pid=8&converted=0,'>http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=978eca6b436a4edc92576ba183b91f5c_KB_EN_v1.xml&pid=8&converted=0, but Filter Multicast is ON and Filter Internet NAT Redirection... - is ON.From:http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=978eca6b436a4edc92576ba183b91f5c_KB_EN_v1.xml&pid=8&converted=0• Filter Multicast – This feature blocks multicasting or the method of sending IP diagrams to a group of receivers in a single transmission. This option is set to Disabled by default. Select this option to enable filter multicasting.NOTE: IP multicasting is widely used in enterprises, commercial stock exchanges and multimedia content delivery networks such as IPTV applications. If you do not use such applications, it is much advisable to keep this option disabled to protect your network from spoofing or Denial of Service (DoS) attacks.It seems like "safe" is "disabled". Like many (most ) Cisco originated documentation is - to say the least - self referencing, I doubt Captain Obvious himself could have written a better article than:http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=34da84c41ef2451e96dbc36f49b2f455_17372.xml&pid=80&converted=0(please note how the title is "Definition of Filter Multicast and reasons to enable or disable it")It is a very confusing matter:http://homecommunity.cisco.com/t5/Wireless-Routers/Filter-Multicast/td-p/334178but several sources (including the "default" settings) seem to imply that it should normally be disabled for increased security:http://portforward.com/english/routers/firewalling/Cisco/Linksys-E1200/defaultguide.htmjaclaz Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now