Subnet Masks | Router Ports | IP Ranges | Etc…

IP Newbie asked 2 years ago

I am using a Westell Model 6100 Proline wired router.

The router has two connection plugins:
- one plugin connection to the telephone outside line (simple), and
- one plugin connection that I have plugged into the ISDN modem that came with the old Compaq machine.

Over the past 10 years, I have used only the Dialup modem, so this router business is very new to me.

The router installation went pretty well, but I soon found that it had an internal firewall that allows for custom settings to be made. After setting the firewall to much stricter levels and setting it to LOG all Inbound connection attempts, I soon found that there were MANY MANY different people (computers) from around the world (mostly China) trying to connect to my computer, even when there was NO web activity coming from my end.

After experimenting around with the router firewall settings, I found that I WAS able to block ALL Inbound traffic, on all ports from Port 0 to 65535 and was still able to connect to any website.

Later, I began to experiment with blocking as many Outbound ports as possible. With all Outbound ports blocked, from port 0 to 65535 (except port 80), I have still been able to do pretty much the same as before, but occasionally I do have to reload a web page (seldom). These settings I have applied for both TCP & UDP.

I normally always shut down my computer at the end of the day, disconnect the router from the internet & unplug the power to it. On restarting the next day, I can first plug in the power to the router, then immediately turn on the computer (remember this is the Win 98SE startup time added in), and everything always works fine, with no problems connecting to the router & then to the internet that I have found.

The problem with the extremely strict router firewall settings that I have is this:
if I need to Restart my computer for any variety of reasons (remember this is Win 98SE), the router will NOT recognize and connect up to the computer after the restart. On my "TCPview" program (Sysinternals.com-Russinovich...) I get the standard link local IP address that comes up when there is no connection to the router. I think it's something that starts with 169.xxx.xxx.xxx. If I shut the computer down completely and power down the router, as in a cold restart, everything works just fine as before.

One of the first things I have tried is to allow the lower port range between the router & my computer (with the IP address range set between them):

Rule Name (This is the Firewall ALLOW RULES page):
HAL_UDP
Protocol UDP
Source IP 192.168.1.10 (the router always assigns this IP # to my computer)
Source Netmask 255.255.255.255 (I have NO IDEA how to set this)
Source Port Range 0 : 1024 (this is my guess at the port range)
Destination IP 192.168.1.1 (this is the router's IP address)
Destination Netmask 255.255.255.255 (I have NO IDEA how to set this)
Destination Port Range 0 : 1024 (this is my guess at the port range)
Mode Log
Direction Both
--------------------------------------------------

HAL_TCP
Protocol TCP
Source IP 192.168.1.10 (the router always assigns this IP # to my computer)
Source Netmask 255.255.255.255 (I have NO IDEA how to set this)
Source Port Range 0 : 1024 (this is my guess at the port range)
Destination IP 192.168.1.1 (this is the router's IP address)
Destination Netmask 255.255.255.255 (I have NO IDEA how to set this)
Destination Port Range 0 : 1024 (this is my guess at the port range)
Mode Log
Direction Both
--------------------------------------------------
Basically I want to only allow communication between my computer & the router (to the web of course), with only the least possible ports open & IP address range necessary between them.
Is/are there any particular port(s) that need to be left open, such as UDP: 137-138 & TCP: 137-139 ??? I had also read somewhere that there was something about DNS lookup on Port 53 (I think?).
Without the above ALLOW rules in place, I can still connect to the web (with port 80 only left open).
(On the DENY rules page, ALL Inbound & Outbound ports are closed, except port 80 on Outbound...)
--------------------------------------------------

Another one of the things that I have been experimenting with is the Network Settings in the Control Panel on My Computer:
Start>Settings>Control Panel>Network>Configuration Tab>TCP/IP Properties>IP Address tab, with the following two radio button options:

- obtain an IP address automatically (was set that way before I began experimenting)
- specify an IP address (this is where I thought I might get some results)

Specify An IP Address:
192.168.1.10 (I tried the number normally assigned by the router)
Subnet Mask:
xxx.xxx.xxx.xxx (I have no Idea what this is or what to input here!)
--------------------------------------

At first I tried the IP address that is automatically assigned by the router to the computer on startup:
192.168.1.10 (this is the standard assignment from the router to the one computer connected to it), but I have been unable to figure out (Again) what to input to the Subnet Mask. Any Ideas????
-------------------------------------

I did find a page on the web that had a subnet calculator:
http://www.subnetonline.com/pages/subnet-calculators/subnetmask-calculator.php

...but it asks for IP address ranges to input into the calculator:
"Please give me your last IP address in your range (i.e. 192.168.91.254) : "
"Please give me your first IP address in your range (i.e. 192.168.90.1) :"

& every guess I have made so far as to what that is has returned only the inability to get onto the web, but in every case I was able to communicate with the router.

If there are any gurus here on this subject, I would greatly appreciate any input. If not, then could someone direct me to a website where I can learn about this stuff, as long as it's not Wikipedia (been there & several other places). Maybe some web site made for IP morons or something. I intend to continue until I learn this stuff, however long it takes......Thanks.....

2 Answers
Shnerdly Staff answered 2 years ago

Thanks for your question IP Newbie.

The subnet mask setting would be 255.255.255.0 by default. You will also need to identify the Default Gateway. I would suspect that it would be 192.168.1.1 based on your IP address but it could be something else. You can learn what it is by typing "ipconfig /all" at the command prompt when your connection is active. FYI: That will also show you the Subnet Mask.

The attempts at accessing your network are totally normal. Some are malicious but many are not. The malicious ones are typically bot computers looking for servers on the frequent ports of 80, 8080 and 21. If there is not one there, they just move on to the next IP address but they will continue to retry your IP at some interval depending on their setup in the hopes that they will someday find a server there. The non-malicious attempts are companies like Google, Yahoo and MSN also looking for web servers. They are looking to index the server for use in their search engines. There are also DNS servers that constantly probe IP addresses looking for servers to index. As long as you don't have any ports forwarded to any of your computers, you will be safe.

As far as outbound ports, most people just use personal firewalls on their individual computers. They are notified by the firewall when something tries to access the internet. Things like auto-updaters and so on. I rarely block outbound ports in my routers.

I think the simplest way to understand a router/firewall is to know that it blocks ALL unsolicited inbound traffic. It does not usually block outbound traffic and it does not block solicited inbound traffic.

Solicited inbound traffic would be the data needed for you to view a given webpage on your computer when you request to go to that website. For example, when you typed the address for our website in your browser, you requested the text and graphics that our site is comprised of. The firewall is aware of the request and allows the inbound data.
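The mask and gateway values discussed above can be checked mechanically. The following is an added example, not part of the original thread: it tests a manual IP / mask / gateway setting and shows which addresses a firewall rule's IP-plus-netmask pair selects. It assumes the firewall compares only the bits the netmask selects, which is the usual meaning of a netmask field; the function names are hypothetical.

```python
import ipaddress

# Addresses in this block are self-assigned when no DHCP lease is obtained.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

def check_host_config(ip, mask, gateway):
    """Return a list of problems with a manual IP / mask / gateway setting."""
    problems = []
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    gw = ipaddress.ip_address(gateway)
    net = iface.network
    if iface.ip in LINK_LOCAL:
        problems.append("link-local address: no DHCP lease was obtained")
    if gw not in net:
        # The host has no on-link route to the gateway, so nothing leaves the LAN.
        problems.append(f"gateway {gw} is outside {net}")
    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        problems.append("address is the network or broadcast address")
    return problems

def rule_matches(rule_ip, rule_mask, packet_ip):
    """Assumed rule semantics: compare only the bits selected by the mask."""
    net = ipaddress.ip_network(f"{rule_ip}/{rule_mask}", strict=False)
    return ipaddress.ip_address(packet_ip) in net

if __name__ == "__main__":
    # Values taken from the thread; the 169.254.23.7 address is constructed.
    for cfg in [("192.168.1.10", "255.255.255.0", "192.168.1.1"),
                ("192.168.1.10", "255.255.255.255", "192.168.1.1"),
                ("169.254.23.7", "255.255.0.0", "192.168.1.1")]:
        print(cfg, "->", check_host_config(*cfg) or "ok")
    # 255.255.255.255 selects exactly one host; 255.255.255.0 selects the whole LAN.
    for mask in ("255.255.255.255", "255.255.255.0"):
        print(mask, rule_matches("192.168.1.10", mask, "192.168.1.11"))
```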
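The solicited versus unsolicited distinction in the answer above, as a toy connection tracker. This is an added example, not code from the thread or from any router firmware: it ignores NAT, timeouts and TCP flags, the class name is hypothetical, and the outside addresses are constructed from documentation ranges.

```python
class StatefulFirewall:
    """Outbound packets create state; inbound packets must match that state."""

    def __init__(self, allowed_outbound):
        self.allowed_outbound = set(allowed_outbound)  # {(proto, dst_port)}
        self.connections = set()  # flows opened from the inside

    def outbound(self, proto, src, sport, dst, dport):
        if (proto, dport) not in self.allowed_outbound:
            return "DROP"
        self.connections.add((proto, src, sport, dst, dport))
        return "ALLOW"

    def inbound(self, proto, src, sport, dst, dport):
        # A solicited packet has the endpoints of a tracked flow, reversed.
        if (proto, dst, dport, src, sport) in self.connections:
            return "ALLOW"
        return "DROP"


def run_demo():
    """Replay constructed traffic with only outbound TCP 80 permitted."""
    fw = StatefulFirewall(allowed_outbound={("tcp", 80)})
    pc = "192.168.1.10"        # LAN host from the thread
    web = "203.0.113.80"       # constructed web server address
    scanner = "198.51.100.7"   # constructed unsolicited source
    return [
        fw.outbound("tcp", pc, 40001, web, 80),      # browser request
        fw.inbound("tcp", web, 80, pc, 40001),       # the page coming back
        fw.inbound("tcp", scanner, 51000, pc, 80),   # probe for a web server
        fw.inbound("tcp", web, 80, pc, 40002),       # right host, no matching flow
        fw.outbound("udp", pc, 40003, "203.0.113.53", 53),  # DNS query, not allowed
    ]


if __name__ == "__main__":
    print(run_demo())
```

In this model a DNS query sent through the firewall to an outside resolver only passes once ("udp", 53) is added to the allowed outbound set.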

B.U 4 U. Data Protection answered 4 weeks ago

Hello All,
My name is Prince. I am new to the site and this is my first post / question but I am in desperate need for some experienced assistance and direction. As it relates to my issue that I will discuss in more detail in a moment, it’s important to note that I am commenting here because I believe IP Newbie’s question was well written and contained grave detail which seems to mimic my concerns. However, my questions are related to mobile IP configuration and more importantly port-safeguarding and security measures I can take to prevent tunneling, and entry into my device (iPhone XR w/Verizon iOS 12.4). Please also note, I have been without a desktop computer of my own to climb deeper into my interface which has been a hindrance it seems. Apple has been no help but I have multiple indicators that appear to indicate fiddling with my device, network, previously owned computers and tablets that make me believe this is easy to do, very possible, happening on a larger scale than publicly mentioned, and is a large loophole that hackers are exploiting because people like myself are not aware about Open ports on our mobile device, SSH, Mosh, Tunneling, Telnet, Opensource, Development, Cloud Loop Holes, Router Config, Crypto Technology, Arm 64, code, permissions beta programs allow and etc., which make us unique targets. Now-again, I could be wrong, but assurance in the form of prevention tactics to ensure this cannot take place, if in fact this is taking place alongside some prevention, safety, suggestions or ideas on methods to track the history of previous port usage on mobile/IoT/end-point devices or informational go-to resources would be a huge help.
I understand, I could be wrong about all of this and I might have made some mistakes by downloading certain apps in my quest for an understanding such as github, drop copy, Norton vpn, star vpn (don’t seem to help), network analyzers (confusing and a lot of work), but please advise if I did and any guidance will be greatly appreciated and utilized. More detail, data and examples can be provided if requested. In closing, thanks in advance for your time and consideration. I look “4ward” to any and all feedback, help or assistance. Lastly, as a footnote; I read recently that it could be possible for bad actors attempting to gain access to your network or who are already on your network can scan your network for miracast devices or DNS ..... to learn and gain certain information and thereafter making it easier for them to use that info to walk right into your network or device. Any truth to this to your knowledge? I also read that if you connect your phone to a computer you can easily obtain a device's open ports and utilize this information to exploit their device, and what about key loggers? What about connecting to someone’s hotspot or wifi how much information do they then have about your device or ports? Can they then SSH? In closing, not sure if these statements are true but I sure would love to know to put my mind at ease. Lastly, the answer received from Staff was on point in responding to the original poster's questions. As a direct result, I am beyond excited to receive feedback.
Warmest Regards,
My name is Prince from Texas. I am new to this site and this is my first post / question but I am in desperate need for some experienced assistance and direction. As it relates to my issue that I will discuss in more detail in a few moments, I think it’s important to note that I am commenting here because I believe IP Newbie’s question was well-written and contained grave detail which seems to mimic my concerns in many regards. However, my question(s) are more tied to mobile IP configuration as well as mobile device port-safeguarding and security measures that I can take to prevent tunneling, shells, and any unsolicited entry into my device, that is currently an (iPhone XR w/Verizon, iOS 12.4). Please also note, I have been without a desktop computer of my own to climb deeper into my interface for a while, which has been a hindrance it seems for articles I’ve read. Also, Miss. Apple has been no help AT ALL, although I have multiple indicators and instances that “to me” indicate major fiddling within my device, network, and previously owned computers and tablets that make me believe this is easy to do for anyone with a little tech know-how and gumption these instances are very possible, happening on a larger scale than publicly mentioned. Not only that, my belief is that this is a large loophole that hackers are exploiting because people like myself are not aware about Open ports on our mobile device, SSH, Mosh, Tunneling, Telnet, Opensource, Development, Cloud Loop Holes, Router Config, Crypto Technology, Arm 64, code, permissions beta programs allow and etc., developer allowances which make us unique targets. I could be wrong but help, ways to ensure this cannot take place if it is in fact taking place, prevention and safety suggestions, ideas on methods to track the history of previous port usage on mobile devices IoT/end-point devices and information go-to guides.
I could be wrong about all of this and I might have made some mistakes by downloading certain apps in my quest for an understanding such as github, drop copy, Norton vpn, star vpn (don’t seem to help), network analyzers (confusing and a lot of work), but any guidance will be greatly appreciated. More detail and data and examples can be provided if requested. Thanks for your time. I look Forward to any and all feedback, help or assistance. Lastly, I’ve read recently that it is possible for bad actors attempting to gain access to your network or who are already on your network can scan your network for miracast devices or DNS ...... and learn certain information and thereafter making it easier for them to walk right into your network or devices, I also read that if you connect your phone to a computer you can easily obtain a device's open ports and utilize this information to exploit their device, and what about key loggers? In closing, not sure if these statements are true but I sure would love to know. Lastly, the answer received from Staff was on point in responding to the original poster's questions. As a direct result, I am beyond excited to receive feedback.
Warmest Regards,
