Solved Incoming connection on a router

youngunix

Active Member

Reaction score: 40
Messages: 228

On a home/office wireless router, do you guys block all incoming connections?
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 12,261
Messages: 38,773

Yes, except for a couple of ports I opened for a local Apache and SSH. I also accept some ICMP. But that's about it.

On most SOHO routers this is already happening due to NAT, which already blocks incoming traffic unless there's a specific forwarding rule.
 

kpa

Beastie's Twin

Reaction score: 1,845
Messages: 6,318

Basically you should block everything by default on all interfaces except on loopback (lo0 in FreeBSD) and write specific rules to allow traffic to pass. One thing you shouldn't block if you're hosting services on your hosts is ICMP. ICMP is essential to make the Internet protocols work; without it things like path MTU discovery won't work and you'll get calls from angry customers asking why they can't reach your site.
 
youngunix (OP)

Active Member

Reaction score: 40
Messages: 228

On the OS I'm blocking all incoming traffic (except SSH) and allowing outgoing of HTTP, HTTPS, SSMTP, SMTP, FTP, SSH, DNS, that's pretty much it. However, I've got two routers; one is a Netgear running factory firmware because DD-WRT is not supported on that particular one, and the other a TP-Link running DD-WRT. These two routers are set up like so:
Code:
[MODEM]-->[NETGEAR]-->[TP-Link]-->my PCs.
So, I'm wondering if DD-WRT blocks all incoming by default. Netgear logs always have 'Attacks <name>' such as SYN flood and ACK; I know when downloading a torrent this happens, but sometimes I'm just accessing websites like FreeBSD, YouTube, or my school's site.
Right now I've acquired a Dell Vostro 220s that looks like a perfect candidate for running pfSense. So, which router do you suggest to keep as a backup?
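A pf(4) ruleset that puts both kpa's advice (block everything on every interface except lo0, then allow specific traffic, and keep ICMP) and youngunix's host policy (incoming only SSH; outgoing HTTP, HTTPS, SMTP, SSMTP, FTP, SSH, DNS) into working form. This is an added example, not a configuration posted in the thread; the interface name em0, the admin network, the bruteforce table and the rate limit are assumptions.

```pf
# Added example, not from any forum post. Interface name, admin network,
# table name and rate limit are assumptions, not the posters' values.

ext_if    = "em0"             # assumed name of the uplink interface
admin_net = "192.168.1.0/24"  # assumed LAN that may reach SSH

# Outbound services the host may initiate (SSMTP = SMTP over TLS, port 465)
tcp_out    = "{ 21, 22, 25, 53, 80, 443, 465 }"
udp_out    = "{ 53 }"
# unreach carries the "fragmentation needed" messages path MTU discovery relies on
icmp_types = "{ echoreq, unreach }"

table <bruteforce> persist  # sources that exceeded the SSH connection rate

set skip on lo0             # never filter loopback
scrub in all                # normalise fragments before they hit the rules

# Default policy: drop everything on every interface and log it.
# pf uses the last matching rule, so the pass rules below override this.
block log all

# Anyone already in the table is dropped before the SSH rule is reached
block in quick on $ext_if from <bruteforce>

# Inbound: only SSH, only from the admin network, with a connection rate
# limit that moves offenders into the table and flushes their states
pass in on $ext_if proto tcp from $admin_net to ($ext_if) port 22 \
    flags S/SA keep state \
    (max-src-conn-rate 5/30, overload <bruteforce> flush global)

# ICMP: answer echo requests and accept unreachables so PMTUD keeps working
pass in on $ext_if inet proto icmp icmp-type $icmp_types keep state

# Outbound: the listed services only; stateful so replies are allowed back
pass out on $ext_if proto tcp to any port $tcp_out flags S/SA keep state
pass out on $ext_if proto udp to any port $udp_out keep state
pass out on $ext_if inet proto icmp icmp-type $icmp_types keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and inspect what is actually active afterwards with `pfctl -sr`. Two caveats: the ruleset is IPv4-only (IPv6 would need matching `inet6 proto icmp6` rules, since ICMPv6 is even less optional than ICMPv4), and the FTP entry only covers the control connection on port 21; passive-mode data connections land on arbitrary server ports, so real FTP use needs ftp-proxy(8) or a deliberately wider outbound rule.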
 

wblock@

Beastie Himself
Developer

Reaction score: 3,730
Messages: 13,851

Keep the one with third-party firmware. Factory firmware has been shown again and again to have ridiculous security problems, almost without regard to vendor.
 