Is the Whitelist Network Service Filter Feature on ASUS Routers broken?












I have an ASUS RT-N16 router running firmware version 3.0.0.4.374_4422.



I have a VOIP phone (physical) with its own private IP address (for the purpose of discussion, let's call it 192.168.0.1) and would like to restrict communication for it so it can ONLY talk to my VOIP server in the cloud (let's call it 50.50.50.50 - again, this is a fictitious example).



I thought I could do this by adding a whitelist policy under Firewall -> Network Services Filter.



I tried adding the following in the Network Services Filter Table:



Source IP: 192.168.0.1
Port Range: 1:65535
Destination IP: 50.50.50.50
Port Range: 1:65535
Protocol: TCP

Source IP: 192.168.0.1
Port Range: 1:65535
Destination IP: 50.50.50.50
Port Range: 1:65535
Protocol: UDP


I also configured the following:



Enable Network Services Filter: Yes
Filter table type: White List
Well-Known Applications: User Defined
Date to Enable LAN to WAN Filter: Mon, Tue, Wed, Thu, Fri
Time of Day to Enable LAN to WAN Filter: 00:00 - 23:59
Date to Enable LAN to WAN Filter: Sat, Sun
Time of Day To Enable LAN to WAN Filter: 00:00-23:59
Filtered ICMP packet types: <blank>


There are no other rules in the table.



After enabling this, internet connectivity was blocked for all devices. This leads me to believe that the Network Services Filter is broken. Can someone confirm? Is there another way to accomplish what I'm looking for?










      router firewall






      edited Sep 25 '16 at 0:08
      Hennes

      asked Apr 14 '14 at 2:53
      Mike B






















          1 Answer
          My current solution for using a VOIP device that fails to use STUN or UPNP:




          1. Configure LAN - DHCP Server to assign static IP to my VOIP device (Ex. 192.168.1.10)

          2. Configure WAN - Port forwarding on the needed ports (For me it was UDP Port 5004 and 5060) to my VOIP device static IP


          This had the side effect that my phone was ringing whenever someone did a port scan. To stop this madness, I had to restrict access to my VOIP device so that only the valid SIP server got access.

          I tried to use the firewall white list, but was not able to figure out how to restrict access for one IP address.

          Instead I chose to install the Asus Merlin firmware, and followed the advice about "Allowing port forwarding to a service (like RDesktop) only from a specific IP":




          • Activate JFFS partition and format it on next reboot (Administration -> System)

          • Activate SSH (Administration -> System)

          • Activate "SIP Passthrough" to avoid dropping packages to udp port 5060 (WAN -> NAT Passthrough)

          • Connect with WinSCP using SCP and upload the wanted nat-start script.






                edited Jan 17 '16 at 18:13

























                answered Jan 12 '16 at 20:49









                Rolf Kristensen
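A sketch of what such a nat-start script can look like, as an added example that is not the answer author's script or the Merlin project's own code. It assumes the `VSERVER` chain in the nat table that Asuswrt uses for port forwards, reuses the page's example values (SIP server 50.50.50.50, phone 192.168.1.10, UDP 5004 and 5060), and assumes no unrestricted GUI forward for the same ports remains.

```shell
#!/bin/sh
# Added example for /jffs/scripts/nat-start on Asuswrt-Merlin.
# Assumed values: 50.50.50.50 is the question's fictitious SIP server;
# 192.168.1.10 and UDP 5004/5060 are the answer's examples.
SIP_SERVER="50.50.50.50"
PHONE_IP="192.168.1.10"
UDP_PORTS="5004 5060"

# Accept only dotted-quad IPv4 addresses with octets in 0-255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print one DNAT rule per port; each rule matches only packets whose
# source is the SIP server, so scans from other hosts are never forwarded.
build_rules() {
    server=$1; phone=$2; shift 2
    valid_ipv4 "$server" && valid_ipv4 "$phone" || return 1
    for port in "$@"; do
        case $port in ''|*[!0-9]*) return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
        echo "iptables -t nat -I VSERVER -p udp -s $server --dport $port -j DNAT --to-destination $phone:$port"
    done
}

# Apply the rules only when installed as nat-start; otherwise dry-run.
run() {
    rules=$(build_rules "$SIP_SERVER" "$PHONE_IP" $UDP_PORTS) || {
        echo "nat-start: invalid address or port, nothing applied" >&2
        return 1
    }
    if [ "${0##*/}" = "nat-start" ]; then
        echo "$rules" | while read -r cmd; do $cmd; done
    else
        echo "$rules"
    fi
}
run
```

Run under any other file name, the script only prints the rules it would install, which makes it easy to review them before copying it to the router.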
