Wireless Router Firewall Issues
Original Message
Name: casedood2k4
Date: December 20, 2006 at 09:31:08 Pacific
Subject: Wireless Router Firewall Issues
OS: XP Pro
CPU/Ram: 4000+/2gig
Model/Manufacturer: Doesn't Matter
Comment: Hey guys, I posted this same message under hardware, meant to post it here, sorry. This is my first post on here. I'm not new with computers by any means, I work on them daily. Sorry this post is long, I wanted to explain everything.

I've recently had some problems with my Blitzz Wireless Router's firewall. I can't seem to disable it, and it blocks many ports that I, of course, don't want blocked. I've tried changing about every option I assumed would affect it, but nothing seems to work.

While going through my wireless router (rather than modem-->computer) the following don't work in any way: FTP (no successful attempts using any port), VOIP (1024,1026), VNC (5900,80), general remote connections. This goes along with VOIP, but also xfire says "You are behind a Port-Restricted Cone NAT".

I've tried everything I can with the router's settings. I changed access control list, set it so it only blocks specific ports for an hour one day a week to see if it works, nothing. I'm sure it can't be easy to help me out not looking at it, I know that always helps me. But if anybody has any idea how to get around this firewall (other than unhooking my wireless router, which, by the way, works perfectly), please let me know.

Thanks, Casey
Response Number 1
Name: heropsycho2177
Date: December 20, 2006 at 12:48:12 Pacific
Subject: Wireless Router Firewall Issues |
Reply: First, let's make sure you understand how all this stuff works. You are using a SOHO router, which is a NAT device. NAT is a technology used to allow multiple computers to use one public IP address. NAT alters each packet on the fly, changing your internal machines' IP addresses with public addresses, and then uses intuitive logic to know which computers' IP addresses to use when incoming traffic comes in.

That process is easy to do with connections originating from within your network. NAT devices see the connection going out, so it knows traffic related to that connection goes back to that computer. However, if the connections originate from the outside and come in, there's no intuitive way to know to which computer that traffic should be directed. That's where port forwarding comes in. Port forwarding, or "opening a port", sets a rule that says, "if traffic originates from the outside on this port, send it to this IP".

A way around this is to configure the router to set your computer into a "DMZ", which effectively is a blanket rule to forward all traffic to your computer. However, this is highly discouraged since it's a major security risk. You could try this just to see if it fixes the issue, but make sure you harden your computer and run a software firewall before doing so.

NAT, due to its nature, can be incompatible with traffic, especially VPN type traffic, without specific code to deal with certain applications. Your VOIP traffic could be falling into that category. First thing I would do is check for an updated firmware for your router.

I do want to stress that straight VNC over a public network, especially the internet, is not a good idea regardless of what is causing this issue. If you insist on using VNC instead of the more secure RDP, make sure you tunnel it via VPN or SSH.

Also, FTP by nature is a bit more complex than, say, HTTP traffic. Remember it uses multiple ports. Looking back at your issue, I notice most of what is failing are similar complex things that use multiple ports.

"Enough, enough bowing down to disillusion! Hats off & applause to rogues & evolution! The ripple effect is too good not to mention. If you’re not affected, you’re not paying attention!"
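The NAT behaviour described in Response 1, and the "Port-Restricted Cone NAT" message from the original post, modelled as a small Python simulation. This is an added example, not part of the original thread and not any router's firmware; the class name, addresses and port numbers are constructed for illustration.

```python
class PortRestrictedConeNAT:
    """Toy model of a SOHO router's inbound decision (illustrative, not a real router API)."""

    def __init__(self):
        self.mappings = {}    # public port -> (lan_ip, lan_port), created by outbound traffic
        self.allowed = {}     # public port -> {(remote_ip, remote_port)} the LAN host contacted
        self.forwards = {}    # public port -> (lan_ip, lan_port), static port-forward rules
        self.dmz_host = None  # if set, all otherwise unmatched inbound traffic goes here
        self._next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host sends a packet: create or reuse its mapping and note the peer."""
        inside = (lan_ip, lan_port)
        pub = next((p for p, m in self.mappings.items() if m == inside), None)
        if pub is None:
            pub, self._next_port = self._next_port, self._next_port + 1
            self.mappings[pub] = inside
        self.allowed.setdefault(pub, set()).add((remote_ip, remote_port))
        return pub

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the LAN endpoint that receives the packet, or None if it is dropped."""
        if (remote_ip, remote_port) in self.allowed.get(public_port, ()):
            return self.mappings[public_port]      # reply to a connection we started
        if public_port in self.forwards:
            return self.forwards[public_port]      # explicit port-forward rule
        if self.dmz_host is not None:
            return (self.dmz_host, public_port)    # blanket DMZ rule
        return None


def demo():
    """Constructed scenario: one PC behind the NAT, remote hosts from documentation ranges."""
    nat, pc = PortRestrictedConeNAT(), "192.168.1.10"
    server, stranger = "203.0.113.5", "198.51.100.7"
    r = {}
    ctrl = nat.outbound(pc, 50000, server, 21)                 # FTP control connection
    r["ftp_control_reply"] = nat.inbound(server, 21, ctrl)     # same peer ip:port: delivered
    r["ftp_active_data"] = nat.inbound(server, 20, ctrl)       # server's port 20: dropped
    r["vnc_unsolicited"] = nat.inbound(stranger, 51000, 5900)  # no rule: dropped
    nat.forwards[5900] = (pc, 5900)
    r["vnc_forwarded"] = nat.inbound(stranger, 51000, 5900)    # forward rule: delivered
    nat.dmz_host = pc
    r["dmz_any_port"] = nat.inbound(stranger, 51000, 445)      # DMZ exposes every port
    return r

if __name__ == "__main__":
    for name, dest in demo().items():
        print(f"{name:18} -> {dest}")
```

The `ftp_active_data` result shows why multi-port protocols break behind this kind of NAT: the second connection arrives from an endpoint the PC never contacted. The `dmz_any_port` result shows why the DMZ setting is discouraged: every unsolicited port reaches the PC.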
Response Number 2
Name: wanderer
Date: December 20, 2006 at 13:56:43 Pacific
Subject: Wireless Router Firewall Issues |
Reply: Do these apps work if computer to modem? That was not clear from your post.

Give a person a fish, they eat for a day. Suggest they internet search and they learn a skill for a lifetime.
Response Number 3
Name: seawatch
Date: December 20, 2006 at 14:05:29 Pacific
Subject: Wireless Router Firewall Issues |
Reply: Also, many wireless routers will not let you change all their settings wirelessly. You have to access the router via a cable and then go back to wireless after the settings have been changed.

Sometimes I think I understand everything, then I regain consciousness
Response Number 4
Name: casedood2k4
Date: December 20, 2006 at 14:15:51 Pacific
Subject: Wireless Router Firewall Issues |
Reply: @Heropsycho2177

General: Thanks for all of the information, it was a good refresher. I will try updating my firmware; I had already thought of setting up DMZ, but I haven't yet been able to find my login/pass given by my provider, which for some reason is needed to do that.

VNC: I understand the potential risks and do take the precautions you listed. Do you have any suggestions for more secure RDPs?

FTP: I understand also, I thought I had it last night, but still wouldn't work correctly.

@Wanderer

Yes. EVERYTHING above works no problem at all while only running from modem->computer. However, if I use the wireless router, all of the above fail to work correctly.

@Jefro (hardware)

I'm not positive I have it set up right, it seems the way I have it, it should work. But this router is obviously giving me some trouble.

@Seawatch

I hadn't thought of that, but in this situation it seems that with the available options I should be able to get this to work efficiently. I'll continue to work with it.
Response Number 5
Name: heropsycho2177
Date: December 20, 2006 at 14:42:28 Pacific
Subject: Wireless Router Firewall Issues |
Reply: "VNC: I understand the potential risks and do take the precautions you listed. Do you have any suggestions for more secure RDPs?"

If you're using RDP, again, tunneling via VPN provides increased security, but short of that, the only other thing you can do is ensure the connection is 128-bit encrypted. The next RDP within Vista and Longhorn will support more advanced authentication features, but that's obviously not here yet. But straight up, RDP is more secure than VNC.

"Enough, enough bowing down to disillusion! Hats off & applause to rogues & evolution! The ripple effect is too good not to mention. If you’re not affected, you’re not paying attention!"