| Thread ID: 146550 | 2018-09-04 21:39:00 | Firewall Rules, Encryption and Securing home wi-fi network | chiefnz (545) |
| Post ID | Timestamp | Content | User | ||
| 1453326 | 2018-09-05 21:31:00 | So I suspect there may be an issue with Wi-Fi and possibly the router itself. This morning again devices could not get onto the wireless and the Internet wasn't going either, despite DSL SYNC and Internet lights being on. I rebooted and still could not get onto wireless and the internet was offline even though I had DSL SYNC. So I reset the router to factory defaults and started from scratch; it is working now but will see how it goes. Does anyone have an opinion on those really expensive ($400+) routers from Netgear (Taipan's etc.) and Asus? Whilst I'd normally not be keen on spending more than $250 for a router, if the Netgear/Asus units were worth it I may go all in for one of them. Thanks, |
chiefnz (545) | ||
| 1453327 | 2018-09-05 22:01:00 | Honestly, just buy a cheapish wifi router. I wouldn't spend silly money on it for home use. I bought a used one off trademe, they are dirt cheap if you look out for bargains. If you are worried about 5eyes then you must NEVER use wifi, you'll need to smash your cellphone, never use email, never use windows, encrypt your whole hard drive & hope like hell there's no backdoor. WPA2 is crackable btw, that's your security down the toilet no matter how much you spend. As noted above, the biggest security risk is always user stupidity. Click that link, open that bogus email :badpc: |
1101 (13337) | ||
| 1453328 | 2018-09-05 23:38:00 | To be honest I'm not really worried about the Five Eyes situation. I am looking at one of 2 Asus AC55U units; ASUS 4G-AC55U 3G/4G LTE (4G-AC55U) (www.pbtech.co.nz) Gigabit Wi-Fi Router with SIM Card Slot, Dual-Band AC1200, 1 x WAN, 4 x LAN, 1 x USB Dual WAN, VPN, Detachable and upgradeable 4G LTE antennas ASUS 4G-AC55U 3G/4G LTE (DSL-AC55U) (www.pbtech.co.nz) Gigabit Wi-Fi Router with SIM Card Slot, Dual-Band AC1200, 1 x WAN, 4 x LAN, 1 x USB Dual WAN, VPN, Detachable and upgradeable 4G LTE antennas. I have seen a few reviews on the DSL-AC55U saying that some people have needed to power cycle the unit every 24 hours or so, but these are outweighed by positive comments. I'm leaning towards the (4G-AC55U) but will do some more research before diving in with a load of cash. Cheers, |
chiefnz (545) | ||
| 1453329 | 2018-09-07 22:53:00 | Ok so I've been tinkering with my modem's firewall and have been using the rules feature to allow/deny traffic out to the internet. There are two options: "Allow the packets not specified by any filtering rules to pass through the device" and "Deny the packets not specified by any filtering rules to pass through the device". So I'm thinking: set the firewall to use the Deny option and then create a rule for each of the devices on my network? Which will mean if there is no rule for a specific device, traffic will not be allowed out? My next question is... which method would be better: allow traffic out based on MAC address or IP address? I have disabled DHCP and for non-PC devices (basically anything on wireless) reserved an IP address. So there are 2 PCs with static IPs and all other devices (mobiles, laptops and tablets) have an address reservation. Any thoughts and insights appreciated. Thanks, |
chiefnz (545) | ||
| 1453330 | 2018-09-07 23:33:00 | Ok so this seems to be working quite well. The next question is: should I have an explicit deny rule for incoming traffic? My assumption is that inbound traffic will be allowed as long as the traffic was initiated from within my LAN. What I want is to block any unsolicited inbound traffic... I would think this is a "default" rule for the firewall so I may not need to put this in place? I don't know if there is any way to "see" what the modem's default firewall rules are? Which is why I'm asking if there needs to be an explicit deny? Thanks, |
chiefnz (545) | ||
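
The two posts above describe a default-deny outbound policy with one allow rule per device, and assume that inbound traffic passes only when it answers a connection opened from the LAN. The following is an added example, not part of the thread and not the router's firmware: a small model of that behaviour, assuming first-match rule evaluation and a stateful inbound check. The names `Packet`, `Rule`, `Firewall` and all addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" (LAN -> WAN) or "in" (WAN -> LAN)
    src_ip: str
    dst_ip: str
    src_mac: str = ""   # only meaningful for packets arriving from the LAN

@dataclass(frozen=True)
class Rule:
    action: str         # "allow" or "deny"
    field: str          # packet field to match: "src_ip" or "src_mac"
    value: str

class Firewall:
    def __init__(self, rules, default_action="deny"):
        self.rules = list(rules)
        self.default_action = default_action   # fate of packets no rule matches
        self.flows = set()                      # (lan_ip, wan_ip) opened from the LAN

    def decide(self, pkt):
        if pkt.direction == "in":
            # Assumed stateful inbound: only replies to a LAN-opened flow pass.
            return "allow" if (pkt.dst_ip, pkt.src_ip) in self.flows else "deny"
        for rule in self.rules:                 # first matching rule wins
            if getattr(pkt, rule.field) == rule.value:
                action = rule.action
                break
        else:
            action = self.default_action
        if action == "allow":
            self.flows.add((pkt.src_ip, pkt.dst_ip))
        return action

# Constructed sample rules: one device matched by IP, one by MAC.
RULES = [
    Rule("allow", "src_ip", "192.168.1.10"),        # PC with a static IP
    Rule("allow", "src_mac", "aa:bb:cc:00:00:01"),  # tablet, matched by MAC
]

def demo(default_action="deny"):
    fw = Firewall(RULES, default_action)
    pc_out = Packet("out", "192.168.1.10", "203.0.113.5", "aa:bb:cc:00:00:10")
    tablet_new_ip = Packet("out", "192.168.1.77", "203.0.113.5", "aa:bb:cc:00:00:01")
    guest = Packet("out", "192.168.1.50", "203.0.113.5", "aa:bb:cc:00:00:99")
    reply = Packet("in", "203.0.113.5", "192.168.1.10")
    unsolicited = Packet("in", "198.51.100.9", "192.168.1.10")
    return [fw.decide(p) for p in (pc_out, tablet_new_ip, guest, reply, unsolicited)]
```

In this model the MAC rule keeps matching the tablet after its IP changes, whereas an IP rule depends on the static address or reservation staying in place; the device with no rule is dropped only when the default action is deny.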
| 1453331 | 2018-09-08 02:37:00 | It is rather easy to get yourself in a tangle with this stuff. Rule number 1: Only make one change at a time and make sure it does what you want before you introduce another. I am certainly no expert so feel free to ignore that if you so desire. |
CliveM (6007) | ||
| 1453332 | 2018-09-08 04:32:00 | Agree Clive, this is precisely what I've been doing. I've added individual rules for all the individual devices and things seem to be working quite well for now. I will leave things the way they are for now and see how it all goes. At this point I've not added an explicit deny rule for unsolicited traffic from the WAN (Internet). One thing I have noticed is that with reservations in place I still have to have DHCP enabled. Seems the devices cannot "renew" their DHCP lease. To combat this I have made the DHCP pool a size of n+2 where n is the total number of "known" devices on the network. Once I did this the devices which kept "falling off" seem to have become more stable. |
chiefnz (545) | ||
| 1453333 | 2018-09-08 08:18:00 | It is certainly an interesting exercise and a worthwhile learning experience. | CliveM (6007) | ||