I've tried port forwarding a virtual server with the same IP address as the modem, with external port start and end as well as internal as 1, 1056. Does anyone know how I can test my software firewall behind a TP-LINK TD-8840 router/modem?
Try to temporarily set the router to DMZ to the tested computer, disable the router’s firewall if any.
But you might still, at least partially, continue to test the router if it does not allow you to modify its programming settings, and as a consequence continue to see some ports unstealthed as they continue to be tested from the router.
I don't know what DMZ is, I don't think there is any way to disable the firewall on the router. I'm not too familiar with modems and networking. I just want to see if my software firewall is working properly (like all the ports stealthed and perfect rating on grc). Is there any easy solution? Step-by-step instructions on how to do this in simple language would be appreciated.
I had a D-link 504T Gen II before and I was able to use it by port forwarding (not too familiar with port forwarding) for the first 1056 ports and got a perfect rating at GRC. Help on this issue would be appreciated.
Thanks for your response so far.
DMZ = DeMilitarized Zone. It just runs the signals through, bypassing your firewall.
The following is a quote from my D-Link DIR-825 router:
“The DMZ (Demilitarized Zone) option lets you set a single computer on your network outside of the router. If you have a computer that cannot run Internet applications successfully from behind the router, then you can place the computer into the DMZ for unrestricted Internet access.
“Note: Putting a computer in the DMZ may expose that computer to a variety of security risks. Use of this option is only recommended as a last resort.”
Do you mean the router firewall? Should I proceed with DMZ (where can I find it?)? Or is there any other way to test my software firewall?
Why firewall, especially in default mode if a computer is behind the NAT?
I don’t seem to understand your question. I want to test to see if my software firewall is working but I can't get past the router. I tried port forwarding and port triggering, but it doesn’t seem to work.
Sorry that was a general question. I’m not sure about your settings but if you connect to your router through addresses like 192.168.x.x you won’t get access to the internet. You’ll have to set the Outer IP in your connection settings. Am I missing something?
I just want to see if my software firewall is working properly (like all the port stealthed and perfect rating on grc). Is there any easy solution, step by step instruction on how to do this with simple language
Don’t ask what America can do for you…
I don't know what DMZ is, I don't think there is any way to disable the firewall
What about RTFM? http://www.tp-link.com/support/showfaq.asp?id=205
Why firewall, especially in default mode if a computer is behind the NAT?
Built-in router's firewall, if any, is often very insufficient and merely serves the most often to ensure all outbound connections and everything to and from the ISP. NAT rules, still if any, are irrelevant since they only redirect the router's connection to the specified LAN computer.
Sorry that was a general question. I'm not sure about your settings but if you connect to your router through addresses like 192.168.x.x you won't get access to the internet. You'll have to set the Outer IP in your connection settings. Am I missing something?
By default, most home routers work in DHCP mode, automatically renewing a non-routable IP (generally in the 169 range) to the LAN side of the router, and another one to each of the LAN computers. This is not a very good idea, and it is far better, including for security software optimization, to fix the LAN IP: in this scheme, the router's LAN IP shall be a gateway at 192.168.1.1, while each LAN computer shall have a 192.168.1.n IP in the same workgroup. No 192.168.x.x address confers any internet access since such addresses are, by convention, unroutable: actually, the connections go from 192.168.1.n to 192.168.1.1, and from there to the WAN IP of the router, the only one able to access the internet. The WAN IP is static or dynamic, but always automatic.
Assuming that grc or whatever are valid tests, one has no “easy step-by-step solution” to run this test behind a router as one must ensure, in such a configuration, that the computer is actually tested, and not the router.
In order to fully test the computer and the security software, there’s no other way than to disable the router’s firewall (don’t tell me it can’t be done, RTFM: http://www.tp-link.com/support/showfaq.asp?id=209#firewall) and redirect all of the connections of the router to the Comodo tested computer (DMZ).
At the opposite, you could also temporarily disable comodo and set firewall filtering rules on the router:
now, you are testing the router, and who knows, if its firewall is any good, it might be enough?
Thank you Brucine for an extended answer. But I still don’t see any sense in such a configuration - firewall allows by default everything out like Windows firewall does, and nobody can access a PC from outside if one is behind the NAT - it’s not possible without some actions from you. So the firewall in such a case is useless. Is that correct?
By accessing from outside I mean initiating an inbound connection.
Does any of this help you understand Firewalls and how to set yours up?
Are all of these presents for me? Thank you.
I pass everything in grc except:
“Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since “Ping” is among the oldest and most common methods used to locate systems prior to further exploitation”.
I get these whether I forward ports or not. I put in 1-1056. I tried the guide mentioned above but I don’t know how to disable the firewall, I don't think there is an option to.
Also the RFM guide is different to my interface because it's a different version.
If your global rules are set to deny icmp echo request and that ping test still fails, it means that the ping test tests not your computer, but your router, and that if the said router does not have an option to deny ping or icmp echo requests, you shall always fail.
Still unresolved, sorry about the late reply. If anyone knows how I can test my firewall behind my router, please send me a PM or leave a post in the topic, thanks.
All that was to be said has been said.
The only way to achieve this is to set a DMZ to the tested computer.
Even in such a configuration, some routers have a hard coded configuration allowing, e.g., echo requests, and the only way to overcome this situation would be, if possible, to access and modify this hard coding.
If not possible, there shall be no way of actually testing whatever else than at least partially the router itself, excepting unplugging the router and replacing it with a modem to achieve testing: as ping uses ICMP requests, and not TCP/UDP requests to particular ports, it is useless in this regard to forward whatever system port either to the tested computer, or to a “fake IP” to make it fail, although it might be possible to globally forward on the router the entire ICMP protocol to a fake IP, but I am not sure you could stay connected while totally denying ICMP.
Last, and as already said, ping abilities are not a security threat by themselves if the computer is protected: as far as I know, institutional websites like Microsoft and others are visible on the internet in order for you to visit them.
You need to bypass the router by changing your router’s settings so your computer will directly face the internet. That is usually called putting your computer in the DMZ (DeMilitarised Zone) or making it an “Exposed Host”.
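The point the thread keeps returning to, that an online port or ping test reports on whichever device owns the tested address, can be checked before running the test. The sketch below is an added example, not part of any post above; the function names are hypothetical and the addresses are constructed sample values. It assumes you read the router's WAN address from its status page and the tested address from the test site.

```python
import ipaddress

# Address blocks relevant to a home LAN (listed explicitly so the
# documentation ranges used as sample values count as public here).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # self-assigned, no DHCP answer
CGNAT = ipaddress.ip_network("100.64.0.0/10")        # RFC 6598, NAT done by the ISP


def classify(addr):
    """Return 'private', 'link-local', 'cgnat' or 'public' for an IPv4 string."""
    ip = ipaddress.ip_address(addr)
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"


def probed_device(host_ip, router_wan_ip, tester_sees, dmz_host=None):
    """Which device answers an unsolicited probe sent to the tested address.

    host_ip       -- address configured on the computer under test
    router_wan_ip -- WAN address on the router status page (None if no router)
    tester_sees   -- address the online test says it is probing
    dmz_host      -- LAN address set as DMZ / exposed host, if any
    """
    if classify(host_ip) == "public" and host_ip == tester_sees:
        return "computer"          # no NAT in the path, e.g. a plain modem
    if router_wan_ip != tester_sees:
        return "upstream-nat"      # another NAT sits in front of the router
    if dmz_host == host_ip:
        return "computer-via-dmz"  # the router may still answer ping itself
    return "router"                # stealth and ping results describe the router


if __name__ == "__main__":
    # Constructed sample values; 198.51.100.7 is a documentation address.
    print(probed_device("192.168.1.10", "198.51.100.7", "198.51.100.7"))
    print(probed_device("192.168.1.10", "198.51.100.7", "198.51.100.7",
                        dmz_host="192.168.1.10"))
    print(probed_device("192.168.1.10", "100.64.3.9", "198.51.100.7"))
```

A result of `upstream-nat` means the router's own WAN address is not the one being tested, so setting a DMZ on the home router will not bring the probes to the computer.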