Subnet Masks | Router Ports | IP Ranges | Etc…

IP Newbie asked 3 years ago

I am using a Westell Model 6100 Proline wired router.

The router has two connection plugins:
- one plugin connection to the telephone outside line (simple), and
- one plugin connection that I have plugged into the ISDN modem that came with the old Compaq machine.

Over the past 10 years, I have used only the Dialup modem, so this router business is very new to me.

The router installation went pretty well, but I soon found that it had an internal firewall that allows for custom settings to be made. After setting the firewall to much stricter levels and setting it to LOG all Inbound connection attempts, I soon found that there were MANY MANY different people (computers) from around the world (mostly China) trying to connect to my computer, even when there was NO web activity coming from my end.

After experimenting around with the router firewall settings, I found that I WAS able to block ALL Inbound traffic, on all ports from Port 0 to 65535 and was still able to connect to any website.

Later, I began to experiment with blocking as many Outbound ports as possible. With all Outbound ports blocked, from port 0 to 65535 (except port 80), I have still been able to do pretty much the same as before, but occasionally I do have to reload a web page (seldom). These settings I have applied for both TCP & UDP.

I normally always shut down my computer at the end of the day, disconnect the router from the internet & unplug the power to it. On restarting the next day, I can first plug in the power to the router, then immediately turn on the computer (remember this is the Win 98SE startup time added in), and everything always works fine, with no problems connecting to the router & then to the internet that I have found.

The problem with the extremely strict router firewall settings that I have is this:
if I need to Restart my computer for any variety of reasons (remember this is Win 98SE), the router will NOT recognize and connect up to the computer after the restart. On my "TCPview" program (Sysinternals.com-Russinovich...) I get the standard link local IP address that comes up when there is no connection to the router. I think it's something that starts with 169.xxx.xxx.xxx. If I shut the computer down completely and power down the router, as in a cold restart, everything works just fine as before.

One of the first things I have tried is to allow the lower port range between the router & my computer (with the IP address range set between them):

Rule Name (This is the Firewall ALLOW RULES page):
HAL_UDP show details
Protocol UDP
Source IP 192.168.1.10 (the router always assigns this IP # to my computer)
Source Netmask 255.255.255.255 (I have NO IDEA how to set this)
Source Port Range 0 : 1024 (this is my guess at the port range)
Destination IP 192.168.1.1 (this is the router's IP address)
Destination Netmask 255.255.255.255 (I have NO IDEA how to set this)
Destination Port Range 0 : 1024 (this is my guess at the port range)
Mode Log
Direction Both
delete hide details modify
--------------------------------------------------

HAL_TCP show details
Protocol TCP
Source IP 192.168.1.10 (the router always assigns this IP # to my computer)
Source Netmask 255.255.255.255 (I have NO IDEA how to set this)
Source Port Range 0 : 1024 (this is my guess at the port range)
Destination IP 192.168.1.1 (this is the router's IP address)
Destination Netmask 255.255.255.255 (I have NO IDEA how to set this)
Destination Port Range 0 : 1024 (this is my guess at the port range)
Mode Log
Direction Both
delete hide details modify
--------------------------------------------------
Basically I want to only allow communication between my computer & the router (to the web of course), with only the least possible ports open & IP address range necessary between them.
Is/are there any particular port(s) that need to be left open, such as UDP: 137-138 & TCP: 137-139 ??? I had also read somewhere that there was something about DNS lookup on Port 53 (I think?).
Without the above ALLOW rules in place, I can still connect to the web (with port 80 only left open).
(On the DENY rules page, ALL Inbound & Outbound ports are closed, except port 80 on Outbound...)
--------------------------------------------------

Another one of the things that I have been experimenting with is the Network Settings in the Control Panel on My Computer:
Start>Settings>Control Panel>Network>Configuration Tab>TCP/IP Properties>IP Address tab, with the following two radio button options:

- obtain an IP address automatically (was set that way before I began experimenting)
- specify an IP address (this is where I thought I might get some results)

Specify An IP Address:
192.168.1.10 (I tried the number normally assigned by the router)
Subnet Mask:
xxx.xxx.xxx.xxx (I have no Idea what this is or what to input here!)
--------------------------------------

At first I tried the IP address that is automatically assigned by the router to the computer on startup:
192.168.1.10 (this is the standard assignment from the router to the one computer connected to it), but I have been unable to figure out (Again) what to input to the Subnet Mask. Any Ideas????
-------------------------------------

I did find a page on the web that had a subnet calculator:
http://www.subnetonline.com/pages/subnet-calculators/subnetmask-calculator.php

...but it asks for IP address ranges to input into the calculator:
"Please give me your last IP address in your range (i.e. 192.168.91.254) : "
"Please give me your first IP address in your range (i.e. 192.168.90.1) :"

& every guess I have made so far as to what that is has returned only the inability to get onto the web, but in every case I was able to communicate with the router.

If there are any gurus here on this subject, I would greatly appreciate any input. If not, then could someone direct me to a website where I can learn about this stuff, as long as it's not Wikipedia (been there & several other places). Maybe some web site made for IP morons or something. I intend to continue until I learn this stuff, however long it takes......Thanks.....

1 Answers
Shnerdly Staff answered 3 years ago

Thanks for your question IP Newbie.

The subnet mask setting would be 255.255.255.0 by default. You will also need to identify the Default Gateway. I would suspect that it would be 192.168.1.1 based on your IP address but it could be something else. You can learn what it is by typing "ipconfig /all" at the command prompt when your connection is active. FYI: That will also show you the Subnet Mask.

The attempts at accessing your network are totally normal. Some are malicious but many are not. The malicious ones are typically bot computers looking for servers on the frequent ports of 80, 8080 and 21. If there is not one there, they just move on to the next IP address but they will continue to retry your IP at some interval depending on their setup in the hopes that they will someday find a server there. The non-malicious attempts are companies like Google, Yahoo and MSN also looking for web servers. They are looking to index the server for use in their search engines. There are also DNS servers that constantly probe IP addresses looking for servers to index. As long as you don't have any ports forwarded to any of your computers, you will be safe.

As far as outbound ports, most people just use personal firewalls on their individual computers. They are notified by the firewall when something tries to access the internet. Things like auto-updaters and so on. I rarely block outbound ports in my routers.

I think the simplest way to understand a router/firewall is to know that it blocks ALL unsolicited inbound traffic. It does not usually block outbound traffic and it does not block solicited inbound traffic.

Solicited inbound traffic would be the data needed for you to view a given webpage on your computer when you request to go to that website. For example, when you typed the address for our website in your browser, you requested the text and graphics that our site is comprised of. The firewall is aware of the request and allows the inbound data.
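
An added example, not part of the original question or answer and not the router's own logic: it shows how the netmask and port-range fields of the HAL_UDP rule quoted in the question decide which packets the rule covers, and what 255.255.255.0 means for 192.168.1.10. It assumes conventional mask matching (address AND mask compared with rule IP AND mask) and that every field must match; the sample packets and the address 169.254.10.20 are constructed.

```python
import ipaddress
from collections import namedtuple

# Fields mirror the rule form quoted in the question; port ranges are inclusive.
Rule = namedtuple("Rule", "proto src_ip src_mask src_ports dst_ip dst_mask dst_ports")

def masked_match(addr, rule_ip, mask):
    """True when addr and rule_ip agree on every bit that is set in mask."""
    m = int(ipaddress.IPv4Address(mask))
    return int(ipaddress.IPv4Address(addr)) & m == int(ipaddress.IPv4Address(rule_ip)) & m

def rule_matches(rule, proto, src, sport, dst, dport):
    """Assumed semantics: every field of the rule must match the packet."""
    return (proto == rule.proto
            and masked_match(src, rule.src_ip, rule.src_mask)
            and rule.src_ports[0] <= sport <= rule.src_ports[1]
            and masked_match(dst, rule.dst_ip, rule.dst_mask)
            and rule.dst_ports[0] <= dport <= rule.dst_ports[1])

def host_range(ip, mask):
    """First and last usable host address of the subnet that ip/mask belongs to."""
    net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    return str(net.network_address + 1), str(net.broadcast_address - 1)

def same_subnet(host, gateway, mask):
    """A host reaches its gateway directly only if both share the subnet."""
    return ipaddress.IPv4Address(gateway) in ipaddress.IPv4Network(f"{host}/{mask}", strict=False)

# HAL_UDP exactly as posted, and the same rule with the source mask widened to /24.
HAL_UDP = Rule("UDP", "192.168.1.10", "255.255.255.255", (0, 1024),
               "192.168.1.1", "255.255.255.255", (0, 1024))
HAL_UDP_24 = HAL_UDP._replace(src_mask="255.255.255.0")

# Constructed sample packets: (proto, src, sport, dst, dport).
PACKETS = [
    ("UDP", "192.168.1.10", 53, "192.168.1.1", 53),     # every field in range
    ("UDP", "192.168.1.10", 1030, "192.168.1.1", 53),   # source port above 1024
    ("UDP", "192.168.1.11", 53, "192.168.1.1", 53),     # neighbouring LAN address
    ("UDP", "169.254.10.20", 137, "192.168.1.1", 137),  # link-local source
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, "/32:", rule_matches(HAL_UDP, *pkt), "/24:", rule_matches(HAL_UDP_24, *pkt))
    print("host range:", host_range("192.168.1.10", "255.255.255.0"))
    print("gateway on-link:", same_subnet("192.168.1.10", "192.168.1.1", "255.255.255.0"))
    print("169.254.10.20 link-local:", ipaddress.IPv4Address("169.254.10.20").is_link_local)
```

A mask of 255.255.255.255 in a rule compares all 32 bits, so it names exactly one host, while 255.255.255.0 compares only the first three octets and covers 192.168.1.1 through 192.168.1.254.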
